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(54) SYSTEM FOR MANAGING PROGRAM STORED IN STORAGE BLOCK OF MOBILE TERMINAL 



(57) Management server 1 6 obtains application pro- 
grams from content server 20 in response to requests 
of mobile tenninal 11 , and transmits the obtained appli- 
cation programs to mobile terminal 11 with Information 
concerning reliabilities of the application programs. Af- 
ter mobile temiinai 11 receives the application programs 
from management server 16, mobile terminal 11 man- 
ages operations of the application programs, which are 
coordinated with operations of other programs using the 



information concerning the reliabilities corresponding to 
the application programs. According to the manage- 
ment of coordinated operations of a plurality of applica- 
tion programs as stated above, problems concerning in- 
formation security, where valuable Information may be 
leaked unexpectedly because of operations of low reli- 
able application programs, can be avoided. As a result, 
convenience of users of mobile temninals 11 can be im- 
proved without deteriorating the information security of 
mobile terminals 11 . 
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Description 

Technical Field 

[0001] The present invention relates to a system for s 
managing programs (Including applets) stored In a stor- 
age unit, which Is Installed In or attached to a mobile 
terminal. 

Background Art 

[0002] In recent years, mobile terminals, which are 
equipped with nonvolatiiity memories of comparatively 
large storage capacity for storing application programs, 
which are not stored when the mobile tennlnals are pur- is 
chased by their users, and which can execute the appli- 
cation programs, have been developed. 
[0003] The users of the above-mentioned mobile ter- 
minals can delete unnecessary application programs 
from the nonvolatiiity memories and write other applica- 20 
tion programs Into the nonvolatiiity memories. There- 
fore, the users of mobile terminals can use new appli- 
cation programs without replacing old mobile tennmals 
with new mobile terminals. 

[0004] In some of the above-mentioned mobile termi- 2s 
nals, which can write application programs into the 
memories, Java virtual machines are installed. The mo- 
bile terminals, in which Java virtual machines are In- 
stalled, can download Java application programs (In- 
cluding Java applets) through mobile communication 30 
networks, write the downloaded Java application pro- 
grams into their nonvolatiiity memories, and execute the 
programs. (Application programs including applets are 
refen'ed to as 'applications' hereinafter.) 
[0005] The above-mentioned mobile terminals can be 35 
inconvenient to use in situations where their users want 
to access several applications in a series of operations. 
[0006] Following Is an example, which describes the 
above-mentioned drawback of the prior art, wherein, a 
user of a mobile tenninal needs to access application A 40 
for making an application for purchasing commodities 
by mail order, and application B for making the payment 
for the purchases. In the present example, the user, first- 
ly makes an application for the purchase of a certain 
commodity using application A. At this stage, the user 45 
has not made the payment forthe purchased commodity 
yet, and the user takes down the necessary information 
for making the payment, namely the amount, the name 
of the bank to which the money is to be remitted, the 
bank account details for making the remittance, and so 50 
on, all of which is written down on a piece of paper, and 
terminates application A. Next, the user accesses appli- 
cation B to remit the money to make the payment. By 
using application B, the user can remit the desired 
amount of money from a certain bank account of the us- 55 
er to any appointed bank account. The user inputs the 
payment amount, the name of the bank, the bank ac- 
count details forthe remittance, and so on, into the mo- 



bile terminal which executes application B, while all 
along referring to the information which was written 
down on a piece of paper in the previous step. Then, the 
user terminates application B, and starts application A 
again to conf inn that the remittance was done success- 
fully and that all the procedures for purchasing the mer- 
chandise has been completed. The user inputs a com- 
mand so that the mobile tenninal, which is executing ap- 
plication A, displays a screen showing the commodity 
purchase history, and the user conf inns that the remit- 
tance for the purchased commodity has been confirmed 
by the seller, and at the same time, the user gets some 
additional infonnation such as the date of delivery of the 
commodity etc. 

[0007] As the above-mentioned example of the con- 
ventional art describes, users of mobile terminals need 
to change applications and 'Input riecessary data man- 
ually when users need to make several applications us- 
ing a series of operations. As a result, the operations 
take time and the users may feel the operations bother- 
some, as well as make mistakes while Inputting infor- 
mation, which can cause problems in conducting busi- 
ness. 

Disclosure of the Invention 

[0008] To overcome the inconvenience of the conven- 
tional art, which is mentioned above, the inventors of the 
present application developed the idea; of pre-storing 
several applications in the nonvolatiiity memories of mo- 
bile tennlnals, enabling them to execute coordinated op- 
erations. However, If functions or data of an application 
are used for another application without any restriction, 
it will not be possible to maintain infomnation security. 
[0009] For example, a mobile terminal stores applica- 
tion C for managing schedules of users of mobile termi- 
nals and application D for transmitting and receiving 
emails. Application C manages information conceming 
the schedule of the user of a mobile terminal, which the 
user would like to keep private. However, if application 
D is pennitted to use the functions or data of application 
C without any restriction, when the user uses application 
D to send emails to his/her friends, there Is a risk that 
the infonnation conceming the schedule which is man- 
aged by application C can be transmitted to his/her 
friends. A transmission by default, of information to be 
kept private can take place, even because of trifling op- 
erational mistakes or bugs in application D. Therefore 
security of infonnation cannot be ensured for users of 
mobile tennlnals when using applications, 
[0010] Leakage of information as rnentioned above, 
as well as, destruction of information, unauthorized re- 
writing of information, and so on, are serious problems 
especially in the case of mobile terminals which may 
handle valuable infonnation such as personal informa- 
tion and monetary information. 
[0011] As a method to overcome the problem stated 
above, the Inventors of the present application devel- 



3 



EP 1391 810 A1 4 



oped the idea that in order to ensure security in commu- 
nication, the reliability of applications should be first de- 
tennined; for which, Infomriation concerning the reliabil- 
ity of each application is prepared In advance and the 
operations of each of applications, which are related to 5 
one another, are to be managed on the basis of the in- 
formation concerning their reliability. Namely, applica- 
tions which are judged, after adequate evaluation, to be 
highly reliable, and known notto cause problems In han- 
dling important infomiation can bepermitted to usefunc- 
tions and data of applications judged to be of low relia- 
bility. On the other hand, applications with low reliability 
are not pennitted to use functions or data of applications 
of high reliability. As a result, the accidental leaking, or 
destroying of data of high reliability applications due to 
being handled by applications with a low reliability, can 
be prevented. 

[0012] To be more precise, the present Invention pro- 
vides a method for managing programs, the method 
comprising: a program- obtaining step of a mobile ter- 20 
minal obtaining a program, which can be executed by 
the mobile temninal, and storing the program in a mem- 
ory of the mobile terminal; a coordination infomnation- 
obtaining step of the mobile temrilnal for obtaining coor- 
dination infomiation, which is used for managing at least 25 
one of start of another program, which is other than the 
program, by the program and the communication of data 
with the other program, and storing the coordination in- 
formation in a memory of the mobile terminal, and; an 
operation- managing step of the mobile terminal deter- 30 
mining conditions of at least one of start of the other pro- 
gram and the communication of data with the other pro- 
gram on the basis of the coordination information, which 
corresponds to the program, in the instance that the oth- 
er program is requested to execute an operation when 35 
the program, which is stored in the memory, is under 
execution. 

[0013] The present invention also provides a program 
managementsystem,thesystem comprising: a commu- 
nication network, which contains a delivering server, a 4o 
managing server,, and a mobile terminal; wherein, the 
delivery server comprises a program- storing unit for 
storing a program, and a program- transmitting unit for 
transmitting the program to the mobile terminal; the 
managing server comprises a coordination information- 45 
storing unit for storing coordination Infomnation, con- 
cerning the control of the coordinated operations of the 
program and another program, which is other than the 
program, and a coordination infonmation- transmitting 
unit for transmitting the coordination information to the so 
mobile temriinal, and; the mobile temiinal comprises a 
program- receiviiig unit for receiving the program from 
the delivering server, a coordination information- receiv- 
ing unit for receiving the coordination information from 
the managing server, a program- storing unit for storing 55 
the program, a coordination information- storing unit for 
storing the coordination infomnation, and an operation- 
managing unit for determining conditions of at least one 



of start of the other program and the communication of 
data with the other program on the basis of the coordi- 
nation infonmation, which corresponds to the program, 

in the instance that the other program is requested to 
execute an operation when the program is under exe- 
cution. 

[0014] The present invention also provides a server 
for a communication network containing a mobile termi- 
nal, the server comprises: a coordination information- 
storing unit for storing coordination infomiation, which 
is used for detemnining conditions of at least one of start 
of a program and communication of data with the pro- 
gram in the instance that the program is requested to 
execute an operation when another program, which is 
other than the program, is under execution, and; a co- 
ordination information- transmitting unit for transmitting 
the coordination information to the mobile terniinal. 
[0015] The present invention also provides a mobile 
terminal comprising: a program- storing unit for storing 
a program; a coordination infomiation- storing unit for 
storing coordination information conceming control of 
coordinated operations of the program and another pro- 
gram, which is other than the program, and; an opera- 
tion- managing unit for determining conditions of at least 
one of start of the other program and the communication 
of data with the other program on the basis of the coor- 
dination infomnation in the instance that the other pro- 
gram is requested to execute an operation when the pro- 
gram is under execution. 

[001 6] The present Invention also provides a program 
and a record medium containing the program, the pro- 
gram pemriitting a computer of a managing server for 
managing programs in a communication network, which 
contains a mobile tenminal: to transmit coordination in- 
fomiation, which is used in the mobile temiinal for de- 
termining conditions of at least one of start of a program 
and communication of data with the program In the in- 
stance that the program is requested to execute an op- 
eration when another program, which is other than the 
program, is under execution, to the mobile terminal. 
[0017] The present invention also provides a program 
and a record medium containing the program, the pro- 
gram permitting a computer of a mobile terminal: to ob- 
tain coordination information conceming control of co- 
ordinated operations of programs, and; determine con- 
ditions of at least one of start of a program and commu- 
nication of data with the program in the instance that the 
program Is requested to execute an operation when an- 
other program, which is otherthah the program, is under 
execution. 

[0018] According to the program management meth- 
od, the program management system, the server, the 
mobile temiinal, the program, and the record medium, 
stated above, the operations of a plurality of programs, 
which are executed in a mobile terminal are coordinated 
on the basis of the coordination infomriation according 
to the reliability of each program, and as a result, dete- 
rioration of Information security caused by leakage of 
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information, etc. is prevented when the coordinated op- 
erations are executed following the plurality of pro- 
grams. 

Brief Description of the Drawings 
[0019] 

Fig.1 is a block diagram showing an overall config- 
uration of an application delivery system according 
to thefirstembodlmentandthesecond embodiment 

of the present invention. 

Fig.2 is an external view of a mobile temninal ac- 
cording to the first embodiment and the second em- 
bodiment of the present invention. 
Fig.3 Is a block diagram showing a general outline 
of a configuration of a mobile temiinal according to 
the first embodiment and the second embodiment 
of the present invention. 

Fig. 4 is a diagram showing data components of 
memory of a mobile temiinal according to the first 
embodiment and the second embodiment of the 
present invention. 

Fig.5 is a block diagram showing a general outline 
of a configuration of a management server accord- 
ing to the first embodiment and the second embod- 
iment of the present invention. 
Fig.6 is a diagram showing a configuration of appli- 
cation information management system according 
to the first embodiment and the second embodiment 
of the present invention. 

Fig,7 is a fonnat chart showing an example of data 
stored by a user infomiation- storing unit according 
to the first embodiment and the second embodiment 

of the present invention. 

Fig.8 is a format chart showing an example of data 
stored in a registration application area of an appli- 
cation Infomiation- storing unit according to the first 
• r embodiment of the present invention. 

Fig.9 is a fonnat chart showing an example of data 
stored in a temporary custody application area of 
an application information- storing unit according to 
the first embodiment and the second embodiment 
of the present invention. 

Fig.10 and Fig.11 are flowcharts showing an appli- 
cation- storing operation by a management server 
according to the first embodiment and the second 
embodiment of the present Invention. 
Fig. 12 and Fig. 13 are images showing screens, 
which are displayed in a mobile terminal when an 
application, which is publicized by a management 
server, is purchased according to the first embodi- 
ment and the second embodiment of the present 
invention. 

Fig.14 and Fig.1 5 are flowcharts showing a pur- 
chasing operation of an application, which is publi- 
cized by a management server according to the first 
embodiment and the second embodiment of the 



present invention. 

Fig.1 6 and Fig.17 are flowcharts showing a pur- 
chasing operation of an application, which Is judged 
to have a certain reliability but not publicized by a 
5 management server according to the first embodi- 
ment and the second embodiment of the present 
invention. 

Fig. 18, Fig.1 9, and Fig.20 are flowcharts showing 
a purchasing operation of an application, which is 
^0 not given any reliability according to the first embod- 
iment and the second embodiment of the present 
Invention. 

Fig. 21 and Fig. 22 are images showing screens, 
which are displayed in a mobile station when an ap- 
plication is downloaded according to the first em- 
bodiment and the second embodiment of the 
present invention. 

Fig.23, Fig.24, and Fig.25 are flowcharts showing 
an application downloading operation according to 
20 the first embodiment and the second embodiment 
of the present invention. 

Fig. 26 is Images showing screens, which are dis- 
played in a mobile station when an application start- 
ing operation according to the first embodiment and 

25 the second embodiment of the present invention. 

Fig.27, Fig.28, Fig.29, Fig.30, and Fig.31 are imag- 
es showing screens, which are displayed in a mo- 
bile station in the instance that a plurality of appli- 
cations do not execute coordinated operations ac- 

30 cording to the first embodiment of the present in- 
vention. 

Fig.32, Fig.33, and Fig.34 are Images showing 
screens, which are displayed in a mobile station in 
the instance that a plurality of applbatlons execute 

35 coordinated operations according to the first em- 
bodiment of the present invention. 
Fig.35 is a fomnat chart showing an example of au- 
thorization information between applications ac- 
cording to the second embodiment of the present 

40 invention. 

Fig.36 is a format chart showing an example of data 
stored In a registration application area of an appli- 
cation information- storing unit according to the sec- 
ond embodiment of the present invention. 

45 Fig. 37 is a format chart showing an example of data 
stored in a registration application area of an appli- 
cation Information storing unit according to the third 
embodiment of the present Invention. 
Fig. 38 is a diagram showing a configuration of an 

50 application. Information management system ac- 
cording to the third embodiment of the present in- 
vention. 

Fig.39 is a fonnat chart showing an example of data 
stored by a user infomiation - storing unit according 
55 to the third embodiment of the present invention. 

Fig.40, Fig.41 , and Fig.42 Is a flowchart showing an 
application purchasing operation and an application 
downloading operation according to the third em- 



4 



7 



EP1 391 810 A1 



8 



bodiment of the present Invention. 

Best Mode for Carrying out the Invention 

[0020] In the following paragraphs, the prefen-ed em- 
bodiments of the present invention are explained. 

[1] First embodiment 

[1.1] Configuration 

[1.1.1] Overall configuration of application delivery 
system 

[0021] Fig.1 is a block diagram, which shows the out- 
line of the overall configuration of the application deliv- 
ery system in the embodiments of the present invention. 
[0022] The application delivery system comprises a 
plurality of mobile terminals namely, mobile temrjinals 
11-1, 11-2, — , a plurality of base stations namely, base 
stations 13-1, 13-2, — , a plurality of switching stations 
14, mobile communication network 15, management 
server 1 6, authentication server 1 7, gateway server 1 8, 
Internet 19, and a plurality of content servers namely, 
content servers 20-1 , 20-2, — . Each mobile tenninal is 
referred to as 'mobile terminal 11', each base station is 
referred to as 'base station 13', each content server is 
refen-ed to as 'content server 20\ hereafter respectively. 
If there is no need to distinguish them from other appa- 
ratuses of the same kind. 

[0023] Mobile terminal 11 is an infonnation process- 
ing apparatus having a wireless communication function 
such as a mobile phone and a Personal Handyphone 
System (PHS; registered trademark). Mobile terminal 1 1 
is equipped with a built-in nonvolatile memory or an ex- 
ternal nonvolatile memory, which can store applications. 
Mobile temrilnal 11 downloads applications from man- 
agement server 1 6 through mobile communication net- 
work 15, switching station 14, and base station 13, and 
it writes the downloaded applications Into its nonvolatile 
memory. The user of mobile terminal 11 can iexecute, at 
anytime according to the user's choice, the applications 
written into the nonvolatile memory of mobile terminal 
11. 

[0024] Base station 13 is connected to mobile com- 
munication network 15 by communication cables 
through switching station 14. When mobile terminal 11 , 
which is located in a radio zone assigned to base station 
13, makes a call to mobile communicatiori network 15, 
or mobile communication network 15 makes a call to 
mobile temiinal 11 , base station 13 establishes a wire- 
less connection with mobile terminal 1 1 , and relays com- 
munication between mobile terminal 1 1 and mobile com- 
munication network 15. Base station 13 keeps track of 
the existence of each of mobile terminals 11 in the as- 
signed radio zone by communicating through control 
signals frequently, with each of mobile terminals 11 by 
radio, and transmits the infonnation of the existence of 



mobile terminals 11 as positional information of mobile 
terminals 11 to mobile communication network 15. 
[0025] Switching station 14 is connected to base sta- 
tion 13 and to mobile communication network 15 by 

5 communication cables, and establishes a communica- 
tion channel between mobile tenminal 11, which has es- 
' tablished wireless connection with base station 13, and 
mobile communication network 1 5. Moreover, when mo- 
bile tenninal 11 , which has established communication 

10 connection with mobile communication network 15, 
moves from one radio zone managed by one of switch- 
ing stations 14 to another radio zone managed by an- 
other of switching stations 1 4, switching stations 1 4 ex- 
ecute a switching operation of communication connec- 
ts tlons between switching stations maintaining the estab- 
lished communication connection. 
[0026] Mobile communication network 15 is a com- 
munication network comprising switching stations 14, 
which are mutually connected through gateway switch- 

20 ing station (not shown) by means of communication ca- 
bles. Mobile communication network 15 establishes 
communication channels between mobile terminals 11 
through switching stations 14 and base stations 13. Mo- 
bile communication network 1 5 is also connected to oth- 

25 er commu n ication networks (not shown) , such as a fixed 
telephone network. Moreover, mobile communication 
network 1 5 is connected to Internet 1 9 through gateway 
sender 18. Mobile communication network 15 is 
equipped with position registration memory units (not 

30 shown), and the position registration memory units store 
the positional information of mobile terminals 11 , which 
is transmitted by each of base stations 1 3. When mobile 
communication network 15 makes a call to mobile ter- 
minal 11 , mobile communication network 15 transmits a 

35 connection request to base station 1 3, which can estab- 
lish wireless connection with mobile terminal 11 refer- 
ring to the infonnation stored by the position registration 
memory units. 

[0027] Management server 1 6 is a server for deliver- 

40 ing applications to mobile terminals 11 in response to 
requests from mobile terminals 1 1 . Management server 
16 receives applications from content servers 20, which 
are providers of the applications, and stores the re- 
ceived applications in a database, before the applica- 

45 tions are delivered to mobile terminals 11 . 

[0028] The administration entity of management serv- 
er 1 6 examines applications provided by content server 
20, if the administration entity of content server 20 re- 
quests the administration entity of management server 

50 16 to do so; and the administration entity of manage- 
ment server 16 detemnines the reliability indexes of the 
applications from the view point of security of their op- 
erations in mobile terminal 11, and so on. The deter- 
mined reliability indexes are recorded in a database of 

55 management server 1 6. When management server 1 6 
receives a request for transmission of an application, 
which has a reliability index, from mobile tenninal 11, 
management server 16 transmits the reliability index to 
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mobile terminal 11 along with the application. 
[0029] If mobile temiinal 11 uses an application, it is 
required that the application be purchased, downloaded 
to mobile tenninal 11, and activated namely, made into 
a state where It becomes usable (the operation to acti- 
vate an application is referred to as 'activation operation' 
hereinafter). When management server 16 receives a 
request for purchasing an application from mobile ter- 
minal 11 , management server 16 prepares a transmis- 
sion of the requested application. When the application 
is downloaded to mobile temriinal 1 1 , management serv- 
er 16 appoints an area for storing the application in the 
memory of mobile temninal 11 , and permits mobile ter- 
minal 11 to store the application in the area. Moreover, 
management server 1 6 instructs mobile terminal 1 1 to 
execute an activation operation for the application. 
When management server 16 completes the prepara- 
tion of transmission of an application or an activation 
operation of an application, management server 16 
transmits infonmation concerning these operations to a 
charge management server (not shown), which is con- 
nected to mobile communication network 15. After the 
charge management server receives the information 
concerning completion of the preparation of transmis- 
sion or an activation operation from management server 
16, the charge management server calculates the us- 
age charges of the application for mobile terminal 1 1 on 
the basis of the information. 

[0030] Authentication server 17 is a server, which 
manages public keys of mobile temriinals 11 , manage- 
ment server 1 6, content servers 20, and authentication 
server 17 in a public key system. When authentication 
server 1 7 receives a request for a public key from any 
of mobile terminals 11 , management server 1 6, or con- 
tent servers 20, authentication server 17 transmits the 
public key, which is requested to the apparatus, which 
requests the public key. 

[0031] Content server 20 stores one or several appli- 
cations, which are developed according to the specifi- 
cation of mobile tenninal 11 , and transmits the applica- 
tions to management server 1 6 in response to requests 
for the applications made by management server 1 6. 
The administration entity of content server 20 can trans- 
mit the applications to the administration entity of man- 
agement sen/er 16 for carrying out examinations of the 
contents of the applications if necessary, and obtain re- 
liability indexes of the applications from the administra- 
tion entity of management server 1 6 according to the 
result of the examinations. 

[1 .1 .2] Configuration of mobile terminal 

[0032] Following is a description of a configuration of 
mobile terminal 11 , making mobile terminal 11-1 as an 
example of mobile terminals 11 . 
[0033] Fig.2 is an extemal view of mobile terminal 
11-1 , and Fig.3 is a block diagram showing the outline 
of the configuration of mobile terminal 11-1 . As shown 



in Fig.3, mobile tenninal 1 1 -1 comprises display unit 21 , 
operating unit 22, antenna 34A, control unit 31, control 
memory 32, communteation unit 34, memory controller 
35, memory 12, and voice input-output unit 36. 

5 [0034] Display unit 21 is a component by which the 
control unit of mobile terminal 11-1 displays messages 
to a user of mobile temiinai 11-1. Display unit 21 dis- 
plays an operation menu screen for execution of appli- 
cations as shown in Fig.2, as well as menu screens for 

/o other kinds of operations, browser screens for display- 
ing information received from infonnation sites, and var- 
ious kinds of information such as strength of radio wave 
and telephone numbers. 

[0035] Operating unit 22 is a component, which pro- 

'is vides instructions to control unit 31 . Operating unit 22 is 
equipped with operation buttons, on which symbols 
such as numbers are printed, and appli-button 23. Appli- 
button 23 is an operation button to which functions for 
simplifying operations of applications are assigned. 

20 [0036] Antenna 34A is a component, which outputs 
and inputs radio wave physically when mobile temninal 
11-1 executes a wireless communication. 
[0037] Control unit 31 is a microprocessor, which con- 
trols all other components of mobile terminal 11-1 ex- 

25 cept memory 12. Control unit 31 controls each of the 
components according to the control programs, which 
are stored In control memory 32. Moreover, control unit 
31 reads out applications from memory 12 through 
memory controller 35, and executes the applications. 

30 Control unit 31 can use functions or data of an applica- 
tion stored in memory 12 in response to requests made 
by a control program or an application, which is under 
execution. In such a case, control unit 31 transmits a 
request for permitting to use the functions or the data, 

35 as well as Identification information of the control pro- 
gram or the application, which made the request, to 
memory controller 35. Memory controller 35 uses the 
identification infonnation for judging if the request 
should be accepted or not. Control unit 31 can execute 

40 several control programs and applications at the same 
time, but control unit 31 does not allow any data to be 
passed between the control programs and applications 
directly, and all data are passed through memory con- 
troller 35. 

45 [0038] Control memory 32 is a volatility memory or a 
nonvolatile memory In which control programs of control 
unit 31 and data managed by the control programs are 
stored. Control memory 32 is also used as a work area 
for control unit 31 to execute the control programs. The 

50 control programs include several programs, which real- 
ize basic functions of mobile terminal 11-1 such as mem- 
orizing telephone numbers, which are installed when 
mobile tenninal 11-1 is sold. 

[0039] Communication unit 34 is a component, which 
55 transmits to and receives signals from base station 13 
by radio wave through antenna 34A. When mobile ter- 
minal 1 1 -1 needs to transmit any information to base 
station 1 3, communication unit 34 modulates base band 
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signals using signals containing digital data, which are 
transmitted under the control of control unit 31 , and 
transmits radio wave signals to base station 13 by im- 
pressing voltages corresponding to the modulated sig- 
nals to antenna 34A. On the other hand, when commu- 
nication unit 34 receives radio wave signals from base 
station 13 through antenna 34A, communication unit 34 
demodulates the received radio wave signals to retrieve 
applications or data contained in the radio wave signals. 
If the retrieved data are an application, communication 
unit 34 transmits them to memory controller 35. If the 
retrieved data are digital voice data, communication unit 
.34 transmits them to voice input and output unit 36. Oth- 
erwise, communication unit 34 transmits the retrieved 
data to control unit 31 . 

[0040] Voice input and output unit 36 inputs and out- 
puts voice data when the user of mobile temriinal 11-1 
has conversations with any of the users of other mobile 
tenninals 11, or on fixed telephones, and so on. Voice 
input and output unit 36 comprises a microphone (not 
shown), an A/D converter (not shown), a D/A converter 
(not shown), and a speaker (not shown). When the user 
of mobile terminal 1 1 -1 talks, voice input and output unit 
36 receives voice information of the user of mobile ter- 
minal 11-1 through the microphone as analogue signals, 
and converts the received analogue signals Into digital 
voice data by the A/D converter, and transmits the data 
to communication unit 34. On the other hand, when a 
conversation partner of the user of mobile tenninal 11-1 
talks, voice input and output unit 36 converts digital 
voice data, which are provided by communication unit 
34 into analogue signals by the D/A converter, and 
makes sounds by the speaker using the analogue sig- 
nals. 

[0041] Memory controller 35 is a microprocessor, 
which controls transmissions and receptions of data be- 
tween memory 12 and control unit 31, and between 
memory 12 and communication unit 34. When commu- 
nication unit 34 transmits an application, memory con- 
troller 35 writes the application in memory 1 2. To the ap- 
plication, which communication unit 34 transmits, a re- 
quest for pemirtting to write the application in memory 
1 2 made by management server 1 6, and data Indicating 
a memory area in memory 1 2 where the application 
should be written, are attached. Memory controller 35 
writes the application to the memory area, which is in- 
dicated by the attached data. If an application, which 
memory controller 35 receives from communication unit 
34 is given a reliability index that is higherthan a certain 
level; memory controller 35 receives the reliability index 
along with the application. In such a case, memory con- 
troller 35 writes the received reliability index in the same 
memory area where it writes the applk:ation. 
[0042] When memory controller 35 receives a request 
for permitting to use functions or data of an application 
written in memory 12, namely a request for pemnitting 
to read, a request for permitting to write, and a request 
for pemiitting to delete functions or data of an applica- 



tion, from control unit 31 , memory controller 35 judges 
If the request should be accepted or not, and executes 
a proper operation to memory 1 2 on the basis of the re- 
sult of the judgment. The request for permitting to use 

5 functions or data of an application written in memory 1 2, 
which is made by control unit 31 , contains identification 
. information of the program, which requests the permis- 
sion. When memory controller 35 receives a request for 
permission, memory controller 35 checks the reliability 

10 index of the program, which requests the permission. If 
the program, which requests the permission, is a control 
program for managing control unit 31 , memory control- 
ler 35 accepts the request without any condition, and 
executes an operation to memory 12 following the re- 

15 quest, since control programs are given the highest level 
of reliability index. On the other hand, if the program, 
which requests the pennisslon, is an application read 
from memory 12, memory controller 35 specifies the 
memory area where the application Is stored in memory 

20 12 according to the identification infomiation, and reads 
out the reliability Index given to the application. If the 
reliability index of the application is not available, mem- 
ory controller 35 treats the application as an application 
with the lowest level of reliability index. Then, memory 

25 controller 35 also reads out the reliability index from the 
memory area where the application or the data of the 
application, which are requested to be used, are written. 
Memory controller 35 compares the reliability indexes, 
which are obtained as explained above, and only when 

30 the reliability Index of the application, which makes the 
request is of the same level as, or a higher level than 
the reliability index of the application whose functions or 
data are requested, does memory controller 35 accept 
the request, and then executes the necessary operation 

35 to memory 12 according to the request. Operations ac- 
cording to the permission method using reliability index- 
es mentioned above are explained using concrete ex- 
amples in the latter part of this description. 
[0043] Moreover, memory controller 35 generates a 

40 secret key and a public key of mobile tenninal 11-1, and 
encrypts and decrypts data by use of the secret key and 
the public key. Memory controller 35 generates a pair of 
secret key and public key according to a keyword, which 
is input by the user of mobile tenninal 11 under the con- 

45 trol of control unit 31 . Memory controller 35 transmits 
the public key to authentication server 1 7 through com- 
munication unit 34, and at the same time, stores the se- • 
cret key after it takes measures for protecting the secret 
key iagalnst leaking from mobile temilhal 11 . If memory 

50 controller 35 receives data, which are encrypted by use 
of the public key of mobile tenninal 11-1 from an external 
source through communication unit 34, mobile terminal 
11-1 decrypts the encrypted data by use of the secret 
key When memory controller 35 transmits data from 

55 -memory 1 2 to an external body through communication 
unit 34, memory controller 35 encrypts the data by use 
of the secret key of mobile tenninal 11-1 if necessary. 
[0044] Memory 1 2 is a nonvolatile memory for storing 
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applications, which are received from an external 
source through communication unit 34 and data, which 
are managed by the applications. Rg.4 is a diagram 
showing data components of memory 12. 
[0045] Memory 1 2 is divided into a plurality of memory s 
areas, which are classified into management areas 40 
or free areas 41. Management areas 40 are areas for 
applications, which are given reliability indexes that are 
of a higher level than a certain level, by management 
server 16. Free areas 41 are areas for applications, io 
which are not given reliability Indexes of a higher level 
than a certain level by management server 1 6, Manage- 
ment areas 40 are composed of management area 
40-1 , — , management area 40-n ('n' is an arbitrary pos- 
itive integer), and free areas 41 are composed of free *5 
area 41 -1 , free area 41 -m ('m' is an arbitrary positive 
integer). In the following description, management area 
40-1 and free area 41 -1 will serve as examples of man- 
agement areas 40 and free areas 41 respectively. 
[0046] Management area 40-1 is divided into applica- 20 
tion area 40A-1, data area 40D-1, and reliability infor- 
mation area 40R-1 . An Application is stored in applica- 
tion area 40A-1, In data area 40D-1, data, which are 
managed by the application stored in application area 
40A-1 , are stored. In reliability information area 40R-1 , 25 
the reliability index, which is given to the application 
stored in application area 4QA-1 , is stored. 
[0047] Free area 41 -1 is divided into application area 
41A-1 and data area 41D-1. An application is stored in 
application area 41 A-1 . In data area 41 D-1 , data, which 30 
are managed by the application stored in application ar- 
ea 41 A-1, are stored. 

[0048] The storing operation and deleting operation 
of the application In application area40A-1 and applica- 
tion area 41 A-1 , and the storing operation and deleting 35 
operation of reliability index in reliability information area 
40R-1 , are executed by memory controller 35 according 
to instructions provided by management server 16. On 
the other hand, the reading operation of the application 
in application area 40A-1 and application area 41 A-1, 40 
the reading operation of reliability Index in reliability in- 
fonnation area 40R-1, the writing operation of data in 
data area 40D-1 and data area 41 D-1 , the reading op- 
eration of data in data area 40D-1 and data area 41 D- 
1 , and the deleting operation of data in data area 40D- 45 
1 and data area 41 D-1 are executed by memory con- 
troller 35 in response to requests made by control unit 
31. 

[1 .1 .3] Configuration of management server 50 

[0049] Fig.5 is a block diagram showing a general out- 
line of a configuration of management server 16. Man- 
agement server 16 comprises cryptograph key storing 
unit 51 , application information storing unit 52, user in- ss 
formation storing unit 53, and control unit 54. 
[0050] Cryptograph key storing unit 51 is a unit for 
storing a secret key of management server 16 generat- 
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ed by control unit 54, and public keys of each of mobile 
tenninals 11 and each of content senders 20, which are 
obtained from authentication server 17, in the fomn of 
databases. 

[0051] Application information storing unit 52 is a unit 
for storing applications and information on locations 
where applications are stored, which are transmitted by 
each of content servers 20, in the form of a database 
along with other information of the applications such as 
names of the applications. 

[0052] User information storing unit 53 is a unit for 
storing information, In a database, to recognize which 
applications are written in memories 12 of each of mo- 
bile terminals 11, and which applications have been pur- 
chased by users of each of mobile terminals 11 to be 
ready for downloading to memories 12 in response to 
the users' requests. 

[0053] Control unit 54 is a microprocessor, which con- 
trols each of the components of management server 1 6. 
Control unit 54 controls operations of obtaining public 
keys from authentication server 17, obtaining applica- 
tions from content servers 20, decrypting applications, 
which are encrypted, encrypting applications, which are 
to be transmitted to mobile terminals 1 1 , and delivering 
the applications to mobile tenninals 11 . Moreover, con- 
trol unit 54 updates the data in the databases of crypto- 
graph key storing unit 51 , application information storing 
unit 52, and user information storing unit 53, which are 
caused by the control operations of control uriit 54. 
[0054] Data formats of each database of manage- 
ment server 1 6 and details of operations fortransmitting 
applications will be explained in the latter part. 

[1 .1 .4] Configuration of application information 
management system 

[0055] Fig. 6 is a diagram showing an application in- 
fonnation management system realized by mobile ter- 
minals 11 , management server 16, and content servers 
20. 

[0056] User infomnation storing units 53 are com- 
posed of user information storing unit 53-1 , user infor- 
mation storing unit 53-2, and user infomiation storing 
unit 53-k, which are data storage units corresponding to 
mobile temrjlnal 11-1, mobile terminal 1 1 -2, — . and mo- 
bile temninal 11-k ('k' is an integer showing the number 
of mobile tenninals 11), respectively. User information 
storing units 53-i (1=1 , — . k) is divided into downloaded 
application ariea 53A-i and down load-ready application 
area 53B-i. Downloaded application area 53A-i of user 
infonnation storing unit 53-i Is an area for storing infor- 
mation of applications, which are now stored In manage- 
ment area 40 or free area 41 of memory 12 of mobile 
terminal 11 -i. On the other hand, down load-ready appli- 
cation area53B-i of user Information storing unit 53-i is , 
an area for storing information of applications, which are 
not stored in memory 12 of mobile terminal 11 -i, but have 
already been purchased by the user of mobile tenninal 
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11-i and ready to be delivered to mobile terminal 11 in 
response to a request from mobile temninal 11 at any 
time. In downloaded application area 53A and down- 
load-ready application area 53B, information of applica- 
tions such as names of applications, version numbers 
of applications, identification numbers for identifying 
each application, sizes of applications, distinctions be- 
tween completion and incompletion of activation opera- 
tions, storage numbers of applications, etc. is stored. 
Fig. 7 is a fomiat chart showing an example of data 
stored by user information storing unit 53-i, which cor- 
responds to mobile terminal 11-1, and in orderto simplify 
the explanation, it shows only the items of memory area, 
identification number of application, activation, and stor- 
age number. 

[0057] According to the example of data shown in Fig. 
7, in application area 40A-1 of management area 40-1 
in mobile terminal 11-1, the application whose Identifi- 
cation number is 'AP-3568' is stored, and the activation 
operation for the application has been completed. Stor- 
age numbers are used for specifying the locations in 
temporary custody application area of application infor- 
mation storing unit 52, where applications, which are 
ready for transmission, are temporarily stored. The ap- 
plications, which have already been transmitted to mo- 
bile temriinal 11-1 do not need storage numbers, and no 
storage number is given to such applications in down- 
loaded application area 53A. 

[0058] According to the example of data shown in Fig. 
7, In application area 41 A-1 of free area 41-1 in mobile 
terminal 11-1, the application whose identification 
number is 'F-0325' is stored, and the activation opera- 
tion for the application has been completed. 
[0059] Further, according to the example of data 
shown in Fig. 7, there are four applications, which are 
not stored in memory 1 2 now, but the user of mobile ter- 
minal 11-1 has already purchased and he/she can 
download at any time. The application whose identifica- 
tion number is 'AP-4125' is one such application, and 
the application itself is stored in an area of application 
infomnation storing unit 52, which is identified by storage 
number T-7851 On the other hand, it is found that the 
application whose identification number Is 'AP-302V is 
not stored in application information storing unit 52 at 
present since a sign, which says 'already deleted' is re- 
corded In the item 'storage number*. It is also found that 
the application whose identification number is 'AP-451 3' 
is stored in registration application area 52R of manage- 
ment server 16 and does not require a storage number, 
since no data is given to the application in the item 'stor- 
age number*. As a matter of course, as applications 
whose information is stored in download-ready applica- 
tion area 53B are at present not stored in memory 12 of 
mobile tennlnal 11-1 , the activation operation for these 
applications has not been executed. With regard to 
these applications, therefore, no data is given for the 
item 'activation'. 

[0060] As shown in Fig. 6, application infomnation stor- 



ing unit 52 comprises registration application area 52R 
and temporary custody application area 52T. In regis- 
tration application area 52R, information on many kinds 
of applications, which are developed for mobile termi- 

5 nals 11, such as names of applications, version num- 
bers of applications, identification numbers of applica- 
tions, sizes of applications, usage charges of applica- 
tions, overview of functions of applications, etc. Is stored 
along with the applications, or in the information on !o- 

10 cations where applications are stored. In addition to 
them, regarding applications given reliability indexes, 
which are of a higher level than a certain level, informa- 
tion such as reliability indexes, distinctions between ap- 
plications being publicized and unpubliclzed, distinc- 

is tions between collection of usage charges being under- 
taken and not undertaken by the administration entity of 
management server 16, are also stored in registration 
application area 52R. Regarding applications not given 
reliability Indexes, which are of a higher level than a cer- 

20 tain level, '0' is given for the item 'reliability index' in reg- 
istration application area 52R, 

[0061] Fig. 8 Is a format chart showing an example of 
data stored in registration application area 52 R, and in 
orderto simplify the explanation, it shows only the items 

25 'identification number of application', 'reliability index', 
'publication', 'collection of usage charges', and 'storage 
location information'. Regarding the storage location in- 
formation of application, it is possible to adopt any kind 
of information, which can specify locations where files 

30 containing applications are stored. In the following de- 
scription, Unifonn Resource Locators (URLs), which are 
widely used in the Internet, will be used as the storage 
location information. 

[0062] According to the information stored in registra- 
35 tion application area 52R shown as example In Fig. 8, it 
is found that the application whose identification number 
is 'AP-3568' is given '3' as its reliability index; the appli- 
cation is publicized in management server 16; the col- 
lection of the usage charges of the application is under- 
go taken by the administration entity of management server 
16, and the application itself is stored in registration ap- 
plication area 52R. On the other hand, if it is found that 
the application whose identification number is 'AP-371 2' 
is given '5' as its reliability index, the application is pub- 
45 licized, but the collection of usage charges Is not under- 
taken by the administration entity of management server 
1 6, and the application is not stored in application infor- 
mation storing unit 52, instead, it is stored in the location 
specified by ftp://ftp.abc_software.com/application' as 
50 a file name of 'ap_0306.exe'. Furthennore, the applica- 
tion whose identification number Is 'F-3251 ' is not given 
a reliability index, and no data Is given f orthe items 'pub- 
lication', and 'collection of usage charges'. The publiciz- 
ing of applications and undertaking the collection of a 
55 charge, as well as the differences between storing an 
application, and storing location infonriation, will be ex- 
plained in the latter part of this description. 
[0063] In temporary custody application area 52T, ap- 
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plications wliose storage location infonnation is regis- 
tered In registration application area 52R are stored 
temporarily during the period after management server 
16 receives the applications from content servers 20, 
which are providers of the applications, when mobile ter- 
minals 11 request deliveries of the applications, and be- 
fore the applications are delivered to mobile terminals 
11 . Fig. 9 Is a format chart showing an example of data 
stored in temporary custody application area 52T where 
applications are stored along with storage numbers, 
which specify the applications in temporary custody ap- 
plication area 52T. 

[1 .2] Outline of transmitting operation 

[0064] Following is an explanation of an outline of an 
operation of transmitting an application. 

[1 .2.1] Operation before purchase of application 

[1 .2.1 .1] Publication of cryptograph key 

[0065] I n the application delivery system according to 
the embodiments of the present invention, authentica- 
tion server 17, which is managed by an administration 
entity that is independent from all of the administration 
entities of mobile communication networl< 15, the ad- 
ministration entity of management server 16, and the 
administration entity of content server 20, manages 
public keys of a public key system. 
[0066] Authentication server 1 7 generates for itself, a 
pair of keys namely, a secret key for authentication serv- 
er 17 (referred to as 'Secret Key for Authentication Serv- 
er" or 'SK-AS' hereinafter) and a public key for authen- 
tication server 1 7 (referred to as 'Public Key for Authen- 
tcation Server* or 'PK-AS' hereinafter). Then authenti- 
cation server 17 stores the secret key, namely 'SK-AS*, 
protecting it against leakage to an external body, and on 
the other hand, transmits the public key, namely 
'PK-AS', to any apparatus, which requests it. 
[0067] Each mobile temninal 11 generates a pair of 
keys for itself, namely a secret key for mobile tenninal 
11 (referred to as 'Secret Key for Mobile Temfilnal' or 
'SK-MT) and a public key for mobile tenninal 11 (re- 
ferred to as 'Public Key for Mobile Terminal' or 'PK-MT), 
following its user's operation. Memory controller 35 of 
each mobile terminal 11 manages the secret key, name- 
ly 'SK-MT protecting it against leakage to an extemal 
body. On the other hand, each mobile terminal 1 1 trans- 
mits the public key, namely 'PK-MT, to authentication 
server 17 through mobile communication network 15. 
When authentication server 17 receives 'PK-MP from 
mobile terminal 11 , authentication server 17 stores the 
received public key, 'PK-MT, in its database along with 
the identification number of nriobile temninal 11. Authen- 
tbation server 17 transmits the public key, namely 
'PK-MT, to any apparatus, which requests it, as in the 
case of 'PK-AS' mentioned above. 



[0068] If there Is need to distinguish a key of one of 
mobile temrilnals 11 from a key of another mobile temni- 
nal 11 , the subscription number of each mobile terminal 
1 1 is placed after the respective abbreviation of the key 
5 For example, the secret key of mobile temninal 11-1 will 
be referred to as 'SK-MT-I'. 

[0069] Management server 16 and each of content 
servers 20 generate their pairs of a secret key and a 
public key, as in the case of. each of mobile terminals 1 1 . 

10 Then, management server 1 6 and each of content serv- 
ers 20 store their secret keys protecting them against 
leakage to an external body, and at the same time, trans- 
mit their public keys to authentication server 17. When 
authentication server 17 receives the public key from 

15 management server 16, authentication server 1 7 stores 
the received public key in its database along with the 
identification number of management server 16. Au- 
thentication server 1 7 carries out the same operation for 
content servers 20 when it receives public keys of con- 

20 tent servers 20. Authentication server 1 7 transmits the 
public keys of management server 1 6 and content serv- 
ers 20 to any apparatus, which requests the keys, as in 
the cases of authentication server 1 7 and mobile termi- 
nals 11 . In this description, the secret keys and the pub- 

25 lie keys of management server 16 and content server 
20 will be referred to as follows: 
[0070] The secret key of management server 1 6: 'Se- 
cret Key for Management Server" or 'SK-MS' 
[0071] The public key of management server 16: 

30 'Public Key for Management Server* of 'PK-MS' 

[0072] The secret key of content server 20: 'Secret 
Key for Contents Server" or 'SK-CS' 
[0073] The public key of content server 20: 'Public 
Key for Contents Server* or 'PK-CS' 

35 [0074] If there is a need to distinguish a key of one of 
content servers 20 from a key of another content server 
20, the subscription number of each content server 20 
is placed after the respective abbreviation of the key, as 
in the case of mobile terminals 11 . For example, the se- 

40 cret key of content server 20-1 will be referred to as 
'SK-CS-1'. 

[0075] The algorithms for encryption using secret 
keys and the algorithms for decryption using public keys 
in authentication server 17, in each of mobile terminals 
45 11, in management server 16, and in each of content 
servers 20, are the same. Therefore, these apparatuses 
can exchange encrypted data among themselves and 
decrypt the data by exchanging their public keys. 

50 [1 .2.1 .2] Examination of application 



[0076] The administration entity of content server 20 
can apply for a substantial examination of its application 
to the administration entity of management serwer 1 6 so 
that the application would be given a reliability index 
whose level is higher than a certain level, which Is re- 
quired If the application needs to execute any operation 
in coordination with another application, or if the appli- 
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cation needs to handle infoimation, which has a high 
value. 

[0077] If the administration entity of management 
server 16 receives an application for a substantial ex- 
amination of an application from the administration en- 
tity of content server 20, the administration entity of 
management server 1 6 examines the purpose for which 
the application will be used, the description of opera- 
tions of the application, the system for managing the ap- 
plication, which is operated by the administration entity 
of content server 20, and so on. According to the result 
of the examination, the administration entity of manage- 
ment server 1 6 gives a proper level of reliability index to 
the examined application. Reliability indexes can be 
represented in many ways, but in the following explana- 
tion, the index system has 6 levels. Indexes '1', '2', '3', 
'4', and '5' are given to applications, which pass the ex- 
amination mentioned above. The larger the index, the 
higher is the reliability of the application. Index '0' Is giv- 
en to applications, which are not examined or could not 
pass the examination. 

[0078] For example, regarding an application, which 
is given reliability index '5', the administration entity of 
management server 1 6 examines, the system for man- 
aging the application by the administration entity of con- 
tent server 20, the stability of operations of the applica- 
tion etc., and judges if the results of the examination 
meetthe requirements. The application Is allowed to use 
functions of control programs of mobile temninai 11 , data 
stored in control memory 32, functions of applications 
stored in memory 12, and data stored in memory 12, if 
necessary. These data may contain data of high value 
such as personal infomiation of the user of mobile ter- 
minal 11 , credit card numbers, and so on. 
[0079] On the contrary, an application, which is given 
reliability index '1', for example, may be an application 
whose operations are not aimed at using data of high 
value such as personal information or monetary infor- 
mation, and there may be no need for the application to 
be given a reliability index of a high level, even if the 
operations of the application are stable. Although, in this 
case, the application may be evaluated as an applica- 
tion with low infomiation security, which may cause leak- 
ages of data of high value, because of the lack of a se- 
cure data management system of the administration en- 
tity of content sen/er 20, and so on. An application with 
reliability index *1' can execute coordinated operations 
with another application having reliability Index '1' or '0'. 
An application with reliability index '1' can also pass its 
data and provide its functions to an application with re- 
liability index '2', '3', '4', or '5*. However, an application 
with reliability index '1' cannot receive data or use func- 
tions of an application with reliability index '2', '3', '4', or 
'5'. An application with reliability index '1 ' cannot use any 
of the functions of the control programs of mobile termi- 
nal 11 or the data stored in control memory 32. 
[0080] If the administration entity of management 
server 1 6 decides to give a reliability index of '1 ' or higher 



than 'V to an application, it is registered in the item 're- 
liability Index' of registration application area 52R of 
management server 16 along with the Identification 
number of the application. 

5 

[1 .2.1 .3] Request for publicizing application by 
management server 

[0081] The administration entity of content server 20 
10 can request that an application, which is given a relia- 
bility index of '1 ' or higher than '1 ' is to be publicized to 
mobile tenninals 11 by management server 1 6. Regard- 
ing an application, which is requested to be publicized; 
the response 'Yes* is registered in the item 'publication' 
15 in registration application area 52R of management 
server 1 6. If management server 1 6 receives from mo- 
bile terminal 11 , a request for transmitting information of 
applications, which can be purchased, management 
server 16 transmits, to mobile tenninal 11, information 
20 of applications whose value of the item 'publication' in 
registration application area 52R is 'Yes'. On the basis 
of this infomiation, a user of mobile tenninal 11 can get 
to know which applications are publicized, and purchase 
the publicized applications more easily than others. 
25 [0082] On the contrary, if a user of mobile tenninal 1 1 
wants to purchase an application, which is not publi- 
cized by management server 16, the user applies for 
purchasing the application to the administration entity of 
content server 20 directly through the Internet by ac- 
30 cessing a home page of content server 20, which is a 
provider of the application. For example, if the adminis- 
tration entity of content server 20 wants to allow only 
certain mobile terminals 1 1 , which meet certain require- 
ments set by the administration entity of content server 
35 20 to use its applications, it Is more convenient for the 
administration entity of content server 20 not to publicize 
its applications through management server 16. How- 
ever, the applications, which are not publicized by man- 
agement server 1 6 are also delivered to mobile termi- 
te? nals 1 1 through management sen/er 1 6, and information 
of the applications is also managed by management 
server 16, in the same manner as applications publi- 
cized by management server 1 6, 

45 [1 .2. 1 .4] Request for undertaking usage charge 
collection by management server 

[0083] The administration entity of content server 20 
can request that the management of the usage charge 

50 collection of its application, which is given a reliability 
index of 'V or higher than '1 is to be undertaken by man- 
agement server 16. Regarding an application whose 
management of the usage charge collection is request- 
ed to be undertaken by management server 1 6, the re- 

55 sponse 'Yes' is registered in the item 'collection of usage 
charges' In registration application area52R of manage- 
ment server 1 6. 

[0084] If management server 16 receives a request 
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from mobile terminal 11, for purchasing an application 
whose value of the item 'collection of usage charges' in 
registration application area 52R is 'Yes', management 
server 16 transmits information such as identification 
number of the application, identification number of mo- 
bile terminal 11, and the time and date of purchase of 
the application to the charge management server, which 
is connected to mobile communication network 15, at 
the time when infomriation of the application is stored in 
download-ready application area 53B of management 
server 16. Similarly, management server 16 transmits 
information such as identification number of the appli- 
cation, identification number of mobile temiinal 11 , and 
the time and date of purchase of the application, to the 
charge management server, which is connected to mo- 
bile communication network 15 at the time when man- 
agement server 1 6 executes an activation operation for 
an application whose value of the item 'collection of us- 
age charges' in registration' application area 52 R is 'Yes'. 
The charge management server calculates the usage 
charges of each application for each mobile tenninal 11 
on the basis of the information transmitted by manage- 
ment server 16 as explained above. The administration 
entity of content server 20 and the administration entity 
of managernent server 16 agree beforehand, to certain 
conditions with regard to usage charges for each appli- 
cation, namely whether the usage charges are calculat- 
ed on the basis of purchase of the application or activa- 
tion of the application; and the agreed upon conditions 
are registered in the charge management server as part 
of the information for charging. The usage charges of 
each application, which are calculated by the charge 
management server, is collected, from each user of mo- 
bile temninal 1 1 , by the administration entity of mobile 
communication network 15, along with the communica- 
tion charge for mobile temninal 11 , which is also calcu- 
lated by the charge management server. The adminis- 
tration entity of mobile communication network 15 de- 
ducts a certain amount from the collected charge as 
commission for undertaking charge collection, and re- 
mits the remaining amount of the charge to the admin- 
istration entity of content server 20, which is the provider 
of the application. Moreover, the administration entity of 
mobile communication network 1 5 remits a certain part 
of the commission for undertaking charge collection to 
the administration entity of management server 16 as 
sen/ice charge for the provision of obtaining information 
on levying usage charges. 

[1 .2.1 .5] Request for storing application by 
management server 

[0085] The administration entity of content server 20 
can request that its application, which is given a relia- 
bility index of '1 ' or higher than '1 ', be stored in registra- 
tion application area 52R of management server 1 6. If 
an application is requested to be stored in registration 
application area 52R. the application itself is stored in 



the item 'storage location Infonnation' of registration ap- 
plication area 52R, Instead of In the infomiatlon on lo- 
cation where the application is stored. 
[0086] The administration entity of content server 20 

5 can decide whether its application itself should be stored 
in registration application area 52R, or only infonmation 
on the location where the application is stored should 
be registered in registration application area 52 R, con- 
sidering the transfer rate of communication between 

10 management server 1 6 and content server 20, and the 
nature of the application, and so on. If an application 
itself is stored in registration application area 52R, de- 
livery of the application to mobile tenninal 11 can be 
made soon after the application is requested to be de- 

is iivered by mobile terminal 1 1 , as management server 1 6 
can deliver the application without receiving the appli- 
cation froni content server 20 at the time of the request. 
Therefore, it is highly beneficial for the administration 
entity of content server 20 to request for its applications 

20 to be stored in registration application area 52R espe- 
cially if the transfer rate of communication between 
management server 1 6 and content server 20 is low. On 
the contrary, if an application is not stored in registration 
application area 52R, and the application Is transmitted 

25 from content server 20 to management server 1 6 each 
time management server 1 6 receives, from mobile ter- 
minal 11 , a requestfordeliveringthe application, content 
server 20 is able to deliver the application with some 
customizations for mobile tenninal 11. For example, 

30 content server 20 sets different access keys to the same 
application for each of mobile terminals 11 to prevent 
unauthorized users from using the application. 
[0087] Following is an explanation, with reference to 
flowcharts In Fig.1 0 and Flg.1 1 , of a series of operations 

35 executed when content server 20-1 requests manage- 
ment server 16 to store an application. First, content 
server 20-1 transmits a storage request for the applica- 
tion to management server 1 6 (step SI 01 ). The storage 
request contains the identification number of the appli- 

40 cation. 

[0088] When management server 16 receives the 
storage request for the application, management server 
16 reads the data stored in registration application area 
52R using the identification number, which is contained 

45 In the storage request, and confirms that the application 
is given a reliability index of '1' or more than 'V. After the 
confirmation, management server 16 transmits a notice 
of acceptance of the storage request to content server 
20-1 (step SI 02). 

50 [0089] When content server 20-1 receives the notice 
of acceptance of the storage request, content server 
20-1 transmits, to authentication server 17, a transmis- 
sion request of 'PK-MS', namely the public key of man- 
agement server 16 (step SI 03). In response to the 

55 transmission request of the public key, authentication 
server 1 7 transmits 'PK-MS' to content server 20-1 (step 
S104). 

[0090] After receiving 'PK-MS', content server 20-1 
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encrypts the application by use of 'PK-MS' (step S1 05). 
Because of this encrypting operation, unauthorized per- 
sons, who wiretap the application while it is being trans- 
mitted from content server 20-1 to nnanagement server 

1 6, will not be able to use the application. 

[0091] Moreover, content server 20-1 encrypts the en- 
crypted application again by use of 'SK-CS-1', namely 
the secret key of content server 20-1 (step S1 06). Be- 
cause of the encrypting operation, management server 
1 6 can confimri that the application is definitely transmit- 
ted by content server 20-1 . That is to say, the encryption 
plays the role of a certificate, which enables manage- 
ment server 16 to confirm the transmitting side of the 
application. 

[0092] Content server 20-1 transmits the double-en- 
crypted application to management server 16 (step 

S107). 

[0093] After receiving the double-encrypted applica- 
tion, management server 16 reads the data stored in 
cryptograph key storing unit 51 of management server 
16 to check if 'PK-CS-V, namely the public key of con- 
tent server 20-1 , is available in the data. If 'PK-CS-1' is 
not registered in cryptograph key storing unit 51 , man- 
agement server 1 6 transmits, to authentication server 

17, a transmission request of 'PK-CS-V (step S108). In 
response to the transmission request of the public key, 
authentication server 1 7 transmits 'PK-CS-1 ' to man- 
agement server 16 (step S109). If 'PK-CS-1' is regis- 
tered in cryptograph key storing unit 51 , management 
sen/er 1 6 skips step S1 08 and step 81 09 and moves to 
step S11 0, as there is no need to obtain 'PK-CS-1 ' from 
an extemal source. 

[0094] Then, management server 16 decrypts the 
double-encrypted application by use of 'PK-CS-1' (step 
S110). If the decryption of the application fails, it means 
that the application, which management server 1 6 re- 
ceived was falsified during transmission, or the applica- 
tion was damaged due to another reason, or the appli- 
cation was transmitted by a server other than content 
sen/er20-1 . Therefore, in this case, management serv- 
er 16 does not proceed to the following operations, but 
transmits, to content server 20-1 , a retransmission re- 
quest of the proper application. On the contrary, if the 
decryption of the application by use of 'PK-CS-1 ' is suc- 
cessful, it is confirmed that the application was transmit- 
ted from content sen/er 20-1 without any problem. 
Therefore, management server 1 6 decrypts the applica- 
tion again by use of 'SK-MS', namely the secret key of 
management server 16 (step S111). On the basis of 
these operations, management server 1 6 can obtain the 
application without encryption, and the administration 
entity of management server 1 6 can check, if necessary, 
If no falsification vyas made by the administration entity 
of content server 20-1 or by others. 
[0095] The series of operations from step SI 03 to 
step S111 , which are explained above, will be referred 
to as 'application transmitting operation 1 to manage- 
ment server' in the following explanation. 
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[0096] After step S1 1 1 , management server 1 6 stores 
the application in registration application area 52R (step 
S112), and transmits, to content server 20-1 , a comple- 
tion notice of operations for storing the application (step 
5 S113). 

[1 .2.2] Purchase of application 

[0097] Before an application Is delivered to mobile ter- 

10 minal 11 , the application needs to be purchased by the 
user of mobile tennlnal 11. Generally speaking, there 
are.two methods by which the user of mobile terminal 
11 can purchase an application, namely, purchasing an 
application which is publteized by management server 

15 16 through management server 16, or purchasing an 
application directly from the administration entity of con- 
tent server 20 by making a purchasing contract using a 
home page in content sen/er 20, etc. In the latter meth- 
od, where a purchasing contract Is made directly be- 

20 tween the user of mobile terminal 11 and the adminis- 
tration entity of content server 20, there are two varia- 
tions of operations depending on whether the applica- 
tion is given a reliability index of '1' or more than 'V, or 
the application is given a reliabiiity index '0'. Following 

25 are examples of series of operations for purchasing an 
application. 

[1 .2.2.1] Purchase of application, which is publicized by 
management server 

30 

[0098] Following is an example, with reference to Fig. 
12, Fig.13, Fig. 14, and Fig. 15, of a series of operations, 
which are executed when the user of mobile terminal 
11-1 purchases an application publicized by manage- 
rs ment server 1 6, whose provider is content server 20-1 , 
through management server 16. 
[0099] First, the user of mobile temiinal 11-1 pushes 
appli-button 23 of mobile temninai 1 1 -1 to make it display 
an application menu as shown in screen D11 . Next, the 
40 user pushes button '1 ' of operating unit 22 to select the 
item '1. New purchase of application'. When button '1* 
is pushed, mobile terminal 11-1 transmits, to manage- 
ment server 1 6, a transmission request for information 
of available applications (step S201). 
45 [0100] After receiving the transmission request for in- 
fomnation of available applications, management server 
16 reads the data stored in registration application area 
52R and extracts infomriation of applbations whose val- 
ue of the item 'publication' is 'Yes', and those applica- 
50 tions, which are not registered in user information stor- 
ing unit 53-1 . Next, management server 16 transmits the 
extracted infomiatlon, which contains identification 
numbers of applications, names of applications, func- 
tions of applications, usage charges of applications, in- 
55 formation whether collection of usage charges is man- 
aged by management server or not, and infomiation of 
locations of home pages in content servers 20 such as 
URLs, to mobile terminal 11-1 as the infomriation on 
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available applications (step S202). 
[0101] After receiving the infonnation on available ap- 
plications, mobile terminal 11-1 displays screen D12. In 
response to the screen, the user of mobile terminal 11-1 
pushes a button, which corresponds to an application, 
which has to be purchased. For example, if the user 
pushes button '1' when screen D12 Is displayed, the 
item 'Schedule management Ver.2' Is selected, and mo- 
bile terminal 11-1 displays screen D13 on display unit 
21 . Screen D1 3 shows information concerning functions 
of the selected application and usage charges, on the 
basis of which the user of mobile temiinal 11-1 makes 
a decision on whetherto purchase the application or not. 
If the user of mobile tenninal 11-1 decides to purchase 
the application and pushes button '9' when screen D13 
is displayed, mobile terminal 11-1 transmits the identifi- 
cation number of the selected application to manage- 
ment server 16 (step S203).Then, mobile terminal 11-1 
displays screen D14 on display unit 21 . 
[01 02] After receiving the identification number of the 
application, management server 16 reads the data 
stored in registration application area 52 R, and obtains 
the storage location infonnation of the application (step 
S204). 

[0103] In step S204, if the selected application itself 
is not stored in registration application area 52 R, man- 
agement server 16 obtains a URL of the application in 
content server 20-1 , from the data stored in registration 
application area 52R, as the storage location infonna- 
tion. In this case, management server 16 transmits, to 
content server 20-1 , a transmission request for the ap- 
plication (step S205). 

[0104] When content server 20-1 receives the trans- 
mission request for the application, a series of opera- 
tions, which are the same as that of 'application trans- 
mitting operation 1 to management server', are begun. 
Namely, management server 16, authentication server 
1 7, and content server 20-1 execute the operations from 
step S103 to step S1 11 shown In Fig. 10 and Fig. 11. As 
a result of carrying out the series of operations, man- 
agement server 1 6 obtains the application (step 8206). 
[0105] Management server 16 allots a storage 
number to the obtained application, and stores the ap- 
plication along with the storage number in temporary 
custody application area 52T (step 8207). The storage 
number is used for management server 16 to specify 
the location In temporary custody application area 52T 
where the application is stored. And if applications are 
stored for different applications, different storage num- 
bers are allotted to each of them even though their con- 
tents are exactly the same. 

[0106] On the contrary, if the application, which Is se- 
lected by mobile terminal 11-1 is stored in registration 
application area 52R of managernent server 16, man- 
agement server 1 6 skips the operations from step 8205 
to step 8207 and moves to step 8208, as the application 
has been already obtained. 

[0107] Next, management server 16 registers infor- 



mation on the application, such as the identification 
number of the application and the reliability Index, in 
download-ready application area 53B of user informa- 
tion storing unit 53-1 (step 8208). After the registration 

5 operation in step 8208 has been carried out, the user of 
mobile terminal 11 -1 is able to download the application, 
which has been already registered In download-ready 
application area 53B, to mobile terminal 11-1 at any time 
the user desires. When the registration operation is 

10 completed, the response 'No' is registered as the value 
of the Item 'activation' for the applbation, since the ap- 
plication has not been downloaded to mobile terrninal 
11-1 , and as a matter of course, the activation operation 
for the application has not been executed yet. If the reg- 

is istered application is stored in temporary custody appli- 
cation area 52T, the storage number for the application 
is also registered in download-ready application area 
53B. When the registration operation is completed, 
management server 16 transmits, to mobile terminal 

20 11-1 , a completion notice of operations for purchasing 
the application (step 8209). 

[0108] After receiving the completion notice of opera- 
tions for purchasing the application, mobile terminal 
11-1 displays screen pi6 or screen D16. Screen D15 

25 shows a screen, which is displayed when the newly pur- 
chased application is an application whose usage 
charges are managed by management server 16, and 
the screen informs the user of mobile terminal 1 1 -1 that 
the usage charges of the application will be collected 

30 along with the communication charge. On the contrary, 
screen D16 shows a screen, which is displayed when 
the application is an application whose usage charges 
are not managed by management server 16, and the 
screen infonns the user of mobile terminal 11-1 that it is 

35 the responsibility of the user to carry out the necessary 
procedure for settling the usage charges of the applica- 
tion. When screen D16 is displayed, the user of mobile 
tenninal 11-1 can push button '0' to display the home 
page, which Is managed by the administration entity of 

40 content server 20-1 , and follow the necessary proce- 
dure for settling usage charges of the purchased appli- 
cation in the home page. 

[01 09] If the user of mobile terminal 1 1 -1 pushes but- 
ton '9' to complete the series of operations for purchas- 
es ing a new application explained above, when screen 
D15 or screen D16 is displayed, mobile terminal 11-1 
displays screen D17 on display unit 21. Screen D17 is 
similarto a nomial screen, which is displayed when mo- 
bile tenninal 11-1 is on standby, but the letter 'a' is also 
50 displayed on the screen. The letter 'a' is a symbol for 
Informing the user of mobile tenninal 11-1 that an appli- 
cation Is ready for being downloaded. However, there 
are other ways to infonn the user of mobile terminal 11-1 
that an application is ready for being downloaded, and 
55 is not limited to displaying the letter 'a'. To achieve the 
same purpose, other ways, such as displaying other 
kinds of symbols or images, making sounds, and vibrat- 
ing mobile tenninal 11-1 , can also be adopted. 
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[0110] After management server 16 transmits the 
completion notice of operations for purchasing the ap- 
plication in step S209, management server 16 trans- 
mits, to content server 20-1 , a notice of purchase of the 
application by mobile terminal 11-1 (step S210). IVIore- 
over, if the purchased application Is an application 
whose usage charges are managed by management 
server 16, management server 16 transmits, to the 
charge management sen/er, the information on the pur- 
chased application such as the identification number of 
the application, the identification number of mobile ter- 
minal 11-1 , the time and date of purchase of the appii- 
catio n , etc , (step S2 1 1 ) . 

[1 .2.2.2] Purchase of application, which is given a 
reliability index of '1 ' or more than '1 and which is not 

publicized 

[01 1 1 ] Following is an example, with reference to Fig. 
16 and Fig. 17, of a series of operations, which are ex- 
ecuted when the user of mobile tenninal 1 1 -1 purchases 
an application, which is not publicized by management 
server 16, whose provider is content server 20-1, and 
which is given a reliability Index of '1* or more than '1'. 
[0112] If the user of mobile terminal 11-1 purchases 
an application, which Is not publicized by management 
server 1 6, the user of mobile terminal 11-1, for example, 
displays a home page of content server 20-1 In mobile 
tenninal 11-1, and applies for purchasing the application 
In the home page (step S301). The user of mobile ter- 
minal 11-1 also takes the responsibility of carrying out 
the procedure for settling the usage charges of the ap- 
plication in the same home page, if necessary. 
[01 1 3] Content server 20-1 checks whether the con- 
tents of the purchase request submitted to content serv- 
er 20-1 by mobile tenninal 11-1 in step S301 , meet the 
requirements, and if the contents of the purchase re- 
quest meet the requirements, content server 20-1 trans- 
mits, to mobile tenninal 11 -1 , a notice of acceptance for 
purchasing the application (step S302). The notice of 
acceptance for purchasing the application contains the 
Identification number of the application. When content 
server 20-1 transmits the notice of acceptance, content 
server 20-1 records the identification number of mobile 
terminal 11-1 , whose request for purchasing the appli- 
cation is accepted. 

[0114] After receiving the notice of acceptance for 
purchasing the application, mobile terminal 11-1 trans- 
mits, to management server 1 6, a request for registering 
the information of the purchased application (step 
S303). The request for registering the information con- 
tains the identification number of the application, which 
is newly purchased. 

[0115] After receiving the infomation on the pur- 
chased application from mobile terminal 11 -1 , manage- 
ment server 1 6 reads the data stored in registration ap- 
plication area 52R, and obtains a URL from content 
server 20-1 , as location information of the provider of 



the application, which is requested to be registered, ac- 
cording to tiie identification number of the application. 
Then, management server 1 6 transmits, to content serv- 
er 20-1 , a request for permission to carry out application 

5 registration in order to confirm that it is acceptable to 
content server 20-1 for the application to be registered 
as an application purchased by mobile terminal 11 -1 , us- 
ing the URL (step S304). The request for pennisslon of 
application registration contains the identification 

10 number of mobile terminal 11-1. 

[0116] After receiving tiie request for pennission of 
application registration from management server 16, 
content server 20-1 checks whether the identification 
number of the mobile terminal, for which management 

15 server 1 6 is ready to register the application as a pur- 
chased application, matches the identification number 
of the mobile terminal, for which content server 20-1 ac- 
cepted the request for purchasing the application In step 
S302. If these identification numbers match, content 

20 server 20-1 transmits, to management server 1 6, a no- 
tice of pennission for application registration (step 
S305). 

[01 17] After receiving the notice of pennission for ap- 
plication registration from content server 20-1 , manage- 
rs ment server 1 6 reads the data stored In registration ap- 
plication area 52R, and obtains the storage location In- 
fonnation of the application, which mobile terminal 11-1 
requests to be registered (step S306). 
[01 1 8] If the application, which is requested to be reg- 
30 Istered in step S306 Is not stored in registration applica- 
tion area 52R, management server 1 6 transmits, to con- 
tent server 20-1 , a request for transmitting the applica- 
tion, using the storage location infonnation of the appli- 
cation, which is recorded in registration application area 
35 52 R (step S307). When content server 20-1 receives the 
request for transmitting the application, a series of op- 
erations, which are same as that of 'application trans- 
mitting operation 1 to management server", are started. 
Namely, management server 16, authentication server 
40 17, and content server 20-1 execute the operations from 
step S103 to step S111 shown in Fig. 10 and Fig. 11, As 
a result of carrying out the series of operations, man- 
agement server 16 obtains the application (step S308). 
Management server 16 allots a storage number to the 
45 obtained application, and stores the application along 
with the storage number In temporary custody applica- 
tion area 52T (step S309). 

[0119] On the contrary, If the application, which mo- 
bile tenninal 11-1 requests to be registered, is stored In 
50 registration application area 52R, management server 
1 6 skips the operations from step S307 to step S309 
and moves to step S31 0. 

[0120] Next, management server 1 6 registers the in- 
formation of the application, which mobile terminal 11-1 
55 requests to be registered, namely the identification 
number of the application, the reliability Index of the ap- 
plication, etc. in downtoad-ready application area 53B 
of user infonnation storing unit 53-1 (step S310). Re- 
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garding the item 'activation', the response 'No' Is regis- 
tered as the value of the Item, since the activation oper- 
ation has not been executed for the application yet. If 
the application is stored in temporary custody applica- 
tion area 52T, the storage number of the application Is 5 
also registered In download-ready application areaSSB. 
After the registration operation In step S310, the user of 
mobile tenninal 1 1 -1 is able to download the application, 
which has been already registered in download-ready 
application area 53B, to mobile terminal 1 1 -1 at any time io 
the user desires. When the registration operation is 
completed, management server 1 6 transmits, to mpbjie 
terminal 11 -1 , a completion notice of operations for pur- 
chasing the application (step S31 1 }. 
[0121] When mobile tenninal 11-1 receives the com- 
pletion notice of operations for purchasing the applica- 
tion, mobile tenninal 11-1 displays the letter 'a' on dis- 
play unit 21 for infonning the user of mobile terminal 11-1 
that the newly purchased application is ready to be 
downloaded from management server 16. ^ 
[0122] If the purchased application is an application 
whose usage charges are managed by management 
server 16, management server 16 transmits, to the 
charge management server, the infomnation on the pur- 
chased application such as the Identification number of 25 
the application, the identification number of mobile ter- 
minal 11-1 , the time and date of purchase of the appli- 
cation, etc. (step S3 12). 



[1 .2.2.3] Purchase of application, which is given 
reliability index '0' 



[01 23] Following is an example, with reference to Fig. 
18, Fig. 19, and Flg.20, of a series of operations, which 
are executed when the user of mobile terminal 1 1 -1 pur- 
chases an application whose provider is content server 
20-1, and, which Is given a reliability Index '0'. The op- 
erations In this example are similar to those of the series 
of operations which start from step S301 and are ex- 
plained with reference to Fig. 16 and Fig. 17. However, 
in the following operations, management server 1 6 need 
not obtain the application In plain text for checking its 
contents, as the application Is not given a reliability index 
of 'V or more than '1'. Therefore, when the application 
is transmitted from content server 20-1 to management 
server 1 6, the application Is not encrypted by use of the 
public key of management server 16, but by use of the 
public key of mobile terminal 11-1 . Because of this en- 
cryption, the application cannot be understood by unau- 
thorized users of mobile terminal 11 -1 , even if the appli- 
cation Is wiretapped during the transmission of the ap- 
plication. As a result, unauthorized usage of the appli- 
cation can be prevented, and at the same time, conceal- 
ment of contents of the application can be ensured. 
[0124] In this series of operations, the user of mobile 
tenninal 11-1, for example, firstly displays a home page 
of content server 20-1 In mobile terminal 11 -1 , and ap- 
plies for purchasing the application in the home page 



30 



35 



40 



45 



50 



55 



(step S401). The user of mobile tenninal 11-1 also takes 
the responsibility of carrying out the necessary proce- 
dure for settling usage charges of the application in the 
same home page. 

[0125] Content server 20-1 checks whether the con- 
tents of purchase request, which is submitted to content 
server 20-1 by mobile tenninal 11-1 In step S401 , meets 
the requirements, and if the contents of purchase re- 
quest meet the requirements, content server 20-1 trans- 
mits, to mobile terminal 1 1 -1 , a notk;e of acceptance for 
purchasing the application (step S402). The notice of 
acceptance for purchasing the application contains the 
Identification number of the application. When content 
server 20-1 transmits the notice of acceptance, content 
server 20-1 records the identification number of mobile 
tenninal 11-1 , whose request for purchasing the appli- 
cation is accepted. 

[0126] After receiving the notice of acceptance for 
purchasing the application, mobile terminal 11-1 trans- 
mits, to management server 1 6, a request for registering 
the infonnation of the purchased application (step 
S403). The request for registering the information con- 
tains the identification number of the application, and a 
URL in content server 20-1 as storage location informa- 
tion of the application. 

[0127] After receiving the request for registering the 
Infonnation from mobile tenninal 11-1, management 
server 16 transmits, to content server 20-1 , a request 
for transmitting the application (step S404). The request 
for transmitting the application contains the Identifica- 
tion number of mobile terminal 11-1. 
[0128] After receiving the request for transmitting the 
application from management server 1 6, content server 
20-1 checks whether the Identification number of the 
mobile tenninal, which requests the transmission of the 
application, matches the identification number of the 
mobile terminal for which content server 20-1 accepted 
the request for purchasing the application In step S402. 
If these identification numbers match, content server 
20-1 transmits, to authentication server 1 7, a request for 
transmitting 'PK-MT-V, namely the public key of mobile 
tenninal 11-1 (step S405). In response to the request for 
transmitting 'PK-MT-I', authentication server 17 trans- 
mits 'PK-MT-r to content server 20-1 (step S406). 
[0129] After receiving 'PK-MT-1', content server 20-1 
encrypts the application, which is to be transmitted, by 
use of 'PK-MT-1' (step S407). 

[0130] Moreover, content server 20-1 encrypts the en- 
crypted application again by use of 'SK-CS-1 ', namely 
the secret key of content server 20-1 (step S408). Be- 
cause of the encrypting operation, management server 
16 can confirm that the application was definitely trans- 
mitted by content server 20-1 . 

[0131] Content server 20-1 transmits the double-en- 
crypted application to management server 16 (step 
S409). 

[0132] After receiving the double-encrypted applica- 
tion, management server 16 reads the data stored in 
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cryptograph key storing unit 51 of management server 
16 to check if 'PK-CS-V, namely the public key of con- 
tent server 20-1 , is available in the data. If 'PK-CS-1 ' is 
not registered in cryptograph key storing unit 51 , man- 
agement server 1 6 transmits, to authentication server 
1 7, a transmission request of 'PK-CS-V (step S410). In 
response to the transmission request of the public key, 
authentication server 1 7 transmits 'PK-CS-1 ' to man- 
agement sender 16 (step S411). If 'PK-CS-1' is regis- 
tered in cryptograph key storing unit 51 , management 
server 1 6 skips step S41 0 and step S411 and moves to 
step S412, as there is no need to obtain 'PK-CS-1' from 
an external source. 

[0133] Then, management server 16 decrypts the 
double-encrypted application by use of 'PK-CS-1' (step 
S412). If the decryption of the application falls, It means 
that the application which management server 16 re- 
ceived was falsified during transmission, or the applica- 
tion was damaged due to some reason, or the applica- 
tion was transmitted by a server other than content serv- 
er 20-1 . Therefore, in this case, management server 1 6 
does not proceed to the following operations, but trans- 
mits, to content server 20-1 , a retransmission request 
of the proper application. On the contrary, if the decryp- 
tion of the application by use of 'PK-CS-1 ' is successful, 
it Is confinned that the application was transmitted from 
content server 20-1 without any problem. 
[0134] The series of operations from step S405 to 
step S412, which are explained above, will be referred 
to as 'application transmitting operation 2 to manage- 
ment server" in the following explanation. 
[0135] Next, management server 16 allots a storage 
number to the application, and stores the application 
along with the storage number in temporary custody ap- 
plication area 52T (step S413). In this case, the appli- 
cation which is stored in temporary custody application 
area 52T, is still encrypted by use of 'PK-IVIT-1 ', namely 
the public key of mobile terminal 11-1 , and the applica- 
tion cannot be decrypted by the administration entity of 
management server 1 6. 

[0136] Next, management server 16 registers the 
identification number of the application and a URL in 
content server 20-1 as storage location information of 
the application in registration application area52R (step 
S414). The information, which is registered in this reg- 
istration operation, is referred to when management 
server 16 needs to obtain the same application from 
content server 20-1 in response to a request for trans- 
mitting the application. Regarding the data correspond- 
ing to the application in registration application area 
52R, the value of the Item 'reliability index' is set as '0', 
and the value of the item 'publication' is left blank ('-'). 
[0137] Next, management sender 16 registers the in- 
formation of the application which mobile tenninal 11-1 
requests to be registered, namely the identification 
number of the application, the storage number of the ap- 
plication, etc. in ready for download application area 
53B of user information storing unit 53-1 (step S415). 



Regarding the item 'activation', the response 'No' is reg- 
istered as the value of the item, and regarding the item 
'reliability index', '0' is registered as the value of the item. 
After the registration operation in step S415, the user of 

5 mobile terminal 11-1 is able to download the application, 
which has already been registered in down load-ready 
application area 53B, to mobile temiinal 1 1 -1 at any time 
tiie user desires. When the registration operation is 
completed, management server 1 6 transmits, to mobile 

10 terminal 1 1 -1 , a completion notice of operations for pur- 
chasing the application (step S416). 
[0138] When mobile terminal 11-1 receives the com- 
pletion notice of operations for purchasing the applica- 
tion, mobile terminal 11-1 displays the letter 'a' on dls- 

15 play unit 21 for infomriing the user of mobile temiinal 11-1 
that the newly purchased application is ready to be 
downloaded from management server 1 6. 

[1 .2.3] Download of application to mobile tenninal 

20 

[0139] After the user of mobile terminal 11 purchases 
an application, the user needs to download the pur- 
chased application to mobile terminal 11-1 . Following is 
an example, with reference to Fig.21, Fig.22, Fig.23, 
25 Fig.24, and Fig.25, of a series of operations, which are 
executed when mobile terminal 11-1 downloads an ap- 
plication. 

[0140] First, the user of mobile tenninal 11-1 pushes 
appli-button 23of mobile tenninal 11-1 to display the ap- 

30 plication menu shown as screen D21 . When screen D21 
Is displayed, the user of mobile terminal 11-1 pushes 
button '2' of operating unit 22 to select the item '2.Down- 
load of application'. When button '2' is pushed down, 
mobile terminal 11-1 transmits, to management server 

35 16, a request for transmitting information on applica- 
tions, which can be downloaded to mobile terminal 11-1 
(stepS501). 

[01 41 ] After receiving the request for transniitting in- 
formation of applications, management server 1 6 trans- 

40 mits, to mobile tenminal 11-1, names of applications and 
identification numbers of applications, which are regis- 
tered in down load-ready application area 53B of user 
information storing unit 53-1 , as the infonnation on ap- 
plications (step S502). 

45 [0142] After receiving the infonnation on applications, 
mobile temiinal 11-1 displays screen D22. In response 
to the screen, the user of mobile terminal 11-1 can ap- 
point an application, which the user wants to download 
by pushing a button whose number corresponds to the 

50 number of the application on the screen. For example, 
if the user pushes button '1' when screen D22 is dis- 
played, the application titled 'Schedule manager Ver.2' 
is appointed. When an application is appointed by an 
operation of the user of mobile terminal 11-1, mobile ter- 

55 minal 11-1 transmits the identification number of the ap- 
pointed application to management server 16 (step 
S503). 

[0143] After receiving the identification number of the 
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appointed application, management server 1 6 reads the 
data stored in download-ready application area 53B, 
and checks wlietherthe appointed application is given 
a reliability index of '1 ' or more than '1 '. Next, manage- 
ment server 1 6 reads the data stored in downloaded ap- 
plication area 53A and checlcs whether memory 12 of 
mobile terminal 1 1 -1 has enough free space for storing 
the appointed application (step S504). In step S504, if 
the appointed application is given a reliability index of 
'1' or more than '1', it is checked whether memory 12 
has enough free space in management area 40. On the 
contrary, in step S504, if the appointed application is not 
given a reliability Index of '1' or more than '1', it is 
checked whether memory 12 has enough free space in 
free area 41 . 

[0144] In step S504, if memory 12 of mobile terminal 
11-1 does not have enough free space for storing the 
appointed application, management server 16 trans- 
mits, to mobile temrjlna! 11-1, a request for appointing 
an application, which is to be deleted from memory 12 
(step S505). The request for appointing an application 
contains information indicating whether the application, 
which is requested to be downloaded, is given a relia- 
bility index, of '1 ' or more than '1 or not. When mobile 
terminal 11-1 receives the request for appointing an ap- 
plication, mobile temninal 11-1 displays screen D23 by 
display unit 21 . In response to the screen, if the user of 
mobile terminal 11-1 pushes button '9' to instruct the ex- 
ecution of the following operations, mobile terminal 11-1 
displays screen D24 on display unit 21. If the applica- 
tion, which is appointed for downloading, is an applica- 
tion, which is given a reliability index of '1' or more than 
'1 ', names of applications, which are stored in manage- 
ment area 40, are listed in screen D24. On the contrary, 
if the application, which is appointed for downloading, is 
an application, which is not given a reliability index of '1 ' 
or more than '1 ', names of applications, which are stored 
In free area 41 , are listed on screen D24. In response 
to the screen, the user of mobile temninal 11-1 can ap- 
point an application, which the user decides to delete 
from memory 1 2 by pushing a button whose number cor- 
responds to the number of the application on the screen. 
IVIobile temninal 11-1 transmits the identification number 
of the appointed application to management server 1 6 
(step S506), After the operation in step S506, rriobile 
temninal 11-1 displays screen D25 on display unit 21 . 
[01 45] On the contrary, in step S504, if memory 1 2 of 
mobile temninal 11-1 has enough free space for storing 
the application, which is appointed for downloading, the 
operations in step S505 and step S506 are skipped, and 
management server 1 6 moves to the operation in step 
S507. In this case, mobile terminal 11-1 displays screen 
D25 on display unit 21 . 

[0146] Next, management server 16 reads the data 
stored in download-ready applbation area 53B, and 
checks whether the application, which is appointed to 
be downloaded by mobile terminal 11 -1 , is stored in ap- 
plication information storing unit 52 or not (step S507). 



Following is an example, with reference to Flg.7 of op- 
erations, which are executed when the application is 
stored in application information storing unit 52, and op- 
erations, which are executed when the application is not 

5 Stored in application information storing unit 52. 

[0147] If the identification number of the application; 
which mobile tenninal 11 -1 appoints to be downloaded, 
is 'AP-4125', the corresponding storage number is T- 
7851' according to the data example shown in Fig.7. 

10 This means that the application is stored in temporary 
custody application area 52T. If the Identifteation 
number of the application, which mobile terminal 11-1 
appoints to be downloaded, is •AP-4513', no data is giv- 
en in the Item 'storage number* according to the data 

IS example shown in Fig.7. This means that the corre- 
sponding application Is an application, which is request- 
ed to be stored in registration application area 52 R. 
Therefore, the appointed application is stored in regis- 
tration application area 52R. 

20 [0148] On the contrary, if the Identification number of 
the application, which mobile terminal 11-1 appoints to 
be downloaded, is 'AP-3021 ', the value of the item 'stor- 
age number* corresponding to the application shows 'al- 
ready deleted' according to the data example shown in 

25 Fig.7. This means that the corresponding application is 
not stored either in temporary custody application area 
52Tor in registration application area52R. As explained 
later in step S523, if the requested application is an ap- 
plication, which is not requested to be stored in regis- 

30 tration application area 52R, the application is deleted 
from temporary custody application area 52T when the 
application is downloaded. Therefore, there can be 
some applications, which are not found in application 
infonnation storing unit 52 even though they are regis- 

35 tered in download-ready application area 53B. 

[0149] If the application, which is appointed to be 
downloaded, Is found not to be stored in application In- 
formation storing unit 52 in step S507, as In the case of 
the application whose identification number is 'AP- 

40 3021 ', management server 1 6 reads the data stored in 
registration application area 52R, and obtains the URL 
in content server 20-1 , which corresponds to the identi- 
fication number of the application, as the storage loca- 
tion infonnation of the application. Then management 

45 server 16 transmits, to content server 20-1 , a request 
for transmitting the application (step S508). 
[0150] If the application, which is appointed to be 
downloaded, is given a reliability index of '1' or more 
than '1 ', content server20, authentication server 1 7, and 

50 management server 1 6 execute a series of operations, 
which are the same as those of 'applbatlon transmitting 
operation 1 to management server*, after step S508. On 
the contrary, if the application, which is appointed to be 
downloaded, is not given a reliability index of '1 ' or more 

55 than '1 ', content server20, authentication server 1 7, and 
management server 1 6 execute a series of operations, 
which are same as those of 'application transmitting op- 
eration 2 to management server', after step S508. As a 
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result of the series of operations, management server 
16 obtains the application (step S509). 
[0151] Next, management server 16 stores the appli- 
cation, which is obtained in step S509, in temporary cus- 
tody application area 52T (step S51 0). 
[01 52] On the contrary, in step S507, if the application , 
which is appointed to be downloaded, is found to be 
stored in application Infonnation storing unit 52, as in 
the case of the application whose identification number 
is •AP-41 26' or "AP-^SI 3', management server 1 6 skips 
the operations from step S508 to step S51 0, and moves 
to the operation in step S511 . 

[0153] Next, management server 1 6 checks whether 
the application, which is appointed to be downloaded 
and stored In application infonnation storing unit 52, Is 
encrypted or not (step S511). if the application, which is 
appointed to be downloaded, is given a reliability index 
of '1' or more than '1', the application stored in applica- 
tion Information storing unit 52 is not encrypted. If the 
application, which is appointed to be downloaded, Is not 
given a reliability index of '1' or more than '1', the appli- 
cation stored in application infonnation storing unit 52 is 
encrypted by use of the public key of mobile temnlnal 
11-1. 

[0154] In step S511, if the appointed application, 
which is stored in application infomnation storing unit 52, 
Is not encrypted, management server 1 6 transmits, to 
authentication server 17, a request for transmitting 
'PK-MT-V, namelythepubllckey of mobile terminal 11-1 
(step S51 2). In response to the request for transmitting 
the public key, authentication server 17 transmits 
'PK-MT-1' to management server 16 (step S513). 
[0155] After receiving 'PK-MT-1 ', management server 
16 attaches to the application information, which indi- 
cates the location where the application should be 
stored in memory 12 of mobile tenninal 11-1, IVloreover, 
If the application is given a reliability Index of '1' or more 
than '1', management server 1 6 also attaches the relia- 
bility index to the application. Then, management server 
16 encrypts the application by use of 'PK-MT-1' (step 
S514). Because of this encrypting operation, the appli- 
cation cannot be understood by unauthorized users 
even if the application Is wiretapped during transmission 
from rnanagement server 16 to mobile terminal 11-1, 
and unauthorized usage of the application can be pre- 
vented. 

[0156] On the contrary. In step S51 1 , if the appointed 

application, which is stored in application information 
storing unit 52, is encrypted, management server 16 
skips the operations from step S512 to step S514, and 
moves to the operation in step S515. 
[01 57] Next, management server 1 6 encrypts the en- 
crypted application again by use of 'SK-MS', namely the 
secret key of management server 16 (step S515). Be- 
cause of the encrypting operation, mobile terminal 11-1 
can confimi that the application is definitely transmitted 
by management server 1 8. That is to say, encryption 
plays the role of a certificate, which enables mobile ter- 



minal 11-1 to confimi the transmitting side of the appli- 
cation. 

[0158] Management server 16 transmits the double- 
encrypted application to mobile terminal 11-1 (step 
5 S516). 

[0159] After receiving the double-encrypted applica- 
, tion, mobile temnlnal 11-1 transmits, to authentication 
server 17, a transmission request of 'PK-MS', namely 
the public key of management server 1 6 (step S5 1 7). In 
10 response to the transmission request of the public key, 
authentication server 17 transmits 'PK-MS* to mobile 
terminal 11-1 (step S51B). 

[0160] After receiving 'PK-MS', mobile tenninal 11-1 
decrypts the double-encrypted application by use of 

15 'PK-MS* (step 861 9). If the decryption of the application 
fails, it means that the application, which mobile tenninal 
11-1 received was falsified during transmission, or the 
application was damaged due to some reason, or the 
application was transmitted by a server other than man- 

20 agement server 1 6. Therefore, In this case, mobile ter- 
minal 11-1 transmits, to management sender 16, a re- 
transmission request of the proper application. On the 
contrary, if the decryption of the application by use of 
'PK-MS' is successful, it is confimned that the application 

25 was transmitted from management server 1 6 without 
any problem. Therefore, mobile temilnal 11-1 decrypts 
the application again by use of 'SK-MT-1', namely the 
secret key of mobile tenninal 11-1 (step S520). 
[0161] According to the operations explained above, 

30 mobile tenninal 1 1 -1 obtains the application without any 
encryption and the information, indicating the location 
in memory 12 of mobile temnlnal 11-1 where the appli- 
cation should be stored. Mobile tenninal 11-1 stores the 
received application In application area 40A of applica- 

35 tion area 41 A following the Infonnation Indicating the lo- 
cation for storing the application (step S521). In step 

5521 , if a reliability Index Is attached to the received ap- 
plication, mobile terminal 11-1 records the reliability in- 
dex in reliability information area 40R of the same man- 

40 agement area 40 as the application is stored. If the ap- 
plication, which the user of mobile terminal 11-1 appoint- 
ed as an application to be deleted in step S5G6 is stored 
in the area indicated by the infonnation, the stored ap- 
plication is overwritten by the newly downloaded appli- 
es cation. Then, mobile terminal 11-1 transmits, to man- 
agement server 1 6, a notice of completion of storing the 
application (step S522). After the operation in step 

5522, mobile tenninal 11-1 displays screen D26, which 
is the nomrial screen for standby used by display unit 21 . 

50 [0162] After receiving the notice of completion of stor- 
ing the application, management sen/er 1 6 updates the 
data in user infonnation storing unit 53 and application 
infonnation storing unit 62 as follows (step S523). If any 
applicatlbn was deleted from memory 12 of mobile ter- 

55 minal 11 by the operations explained above, manage- 
ment server 1 6 moves the infonnation of the application 
registered in downloaded application area 53A to down- 
load-ready application area 53B. Management server 
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16 moves the information of the application, which is 
newly stored In memory 12 from download-ready appli- 
cation area 53B to the corresponding location in down- 
loaded application area 53A. Moreover, if the newly 
stored application is an application, which is temporarily 
stored in temporary custody application area 52T, man- 
agement server 1 6 deletes the application from tempo- 
rary custody application area 52T. 

[1 .2.4] Activation of application 

[0163] After mobile terminal 11 downloads an appli- 
cation as explained above, an activation operation 
needs to be executed for the application before the user 
of mobile temiinal 11 is able to use the application. 
[0164] Activation operation is a series of operations 
for management server 1 6 to permit memory controller 
35 of mobile tenminal 11 to use a download application. 
If an application, which Is downloaded to memory 12 of 
mobile temiinal 11 has no restriction concerning its temi 
of usage, the activation operation for the application is 
executed just after the download operation of the appli- 
cation, l-lowever, if the application has a certain condi- 
tion of starting time of usage, the activation operation 
for the application is not executed immediately after the 
download of the application, but executed after the start- 
ing time of usage begins. 

[0165] For example, If an application for the purchase 
of a commuter ticket on a certain form of public trans- 
port, which becomes valid on 1 April, is purchased on 
15 March and downloaded on 20 March by mobile ter- 
minal 11-1 , the application cannot be used between 20 
March and 31 March even if the application itself is 
stored in memory 12 of mobile temninal 11-1. At the time 
when the date changes from 31 March to 1 April, the 
activation operation for the application is executed, and 
the user of mobile terminal 11-1 Is able to use the appli- 
cation. 

[0166] Since a download operation and an activation 
operation is separated from each other, a user of mobile 
tenninal 11 can download an application at his/her con- 
venience without any restriction with regard to the period 
of validity for the usage of the application. From another 
view point, if many users of mobile terminals 1 1 need to 
download applications whose validity period for the us- 
age start on the same date and the users need to down- 
load the applications on the very date, network conges- 
tion can easily happen on communication channels be- 
tween two of management server 1 6, content server 20, 
and mobile terminal 11, because of a large number of 
users trying to download the application In a short period 
of time. However, since the size of data traffic caused 
by an activation operation is usually much smaller than 
the size of data traffic caused by the download operation 
.of an application, the possibility of a network congestion 
taking place on the starting date of the validity period 
mentioned above, can be reduced if each user of mobile 
temiinal 1 1 downloads the application at any convenient 



time before the activation operation Is executed for the 
application. Following Is an explanation of a flow of an 

activation operation. 

[0167] Following are examples of some cases where 
5 an activation operation Is to be executed. An activation 
operation is executed when an application not restricted 
by a validity period for usage is downloaded to mobile 
tenninal 11-1 . An activation operation is also executed 
when the validity period for usage of an application, 
10 which has already been downloaded to mobile terminal 
11-1, commences. Moreover, an activation operation is 
also executed when content server 20 of the application 
instructs management server 1 6 to execute the activa- 
tion operation. In the following, as an example, a flow of 
15 operations, which are executed when an activation op- 
eration is executed for an application, which is stored in 
management area 40-1 of mobile tenninal 11-1 , will be 
explained. 

[0168] First, management server 1 6 transmits an ac- 

20 tivatlon command to mobile tenninal 11-1. The activa- 
tion command contains the identification number of 
management area 40-1 in memory 12, which will be 
used for specifying the application to be activated. 
[0169] After communication unit 34 of mobile temninal 

25 11-1 receives the activation command, communication 
unit 34 transfers the command to memory controller 35. 
Until memory controller 35 receives the activation com- 
mand, memory controller 35 rejects all requests for per- 
mission to use functions of an application in application 

30 area 40A-1 or data in data area 40D-1 , which are made 
by control unit 31 of mobile terminal 11-1. Therefore, un- 
til the activation command Is received, the user of mobile 
terminal 1 1 -1 cannot use the application, which is stored 
In management area 40-1 . 

35 [0170] After memory controller 35 receives the acti- 
vation command, if memory controller 35 receives a re- 
quest for permission to use the functions of an applica- 
tion In applbatlon area 40A-1 or the data In data area 
40D-1 from control unit 31 , memory controller 35 reads 

40 the reliability index recorded in reliability Infonnation ar- 
ea 40R-1 of management area 40-1 . Next, memory con- 
troller 35 compares the reliability index of the requesting 
program, which is transmitted from control unit 31 along 
with the request for pennission to use, and the reliability 

45 index read from reliability information area 40R-1 . Only 
when the reliability Index of the requesting program is 
larger than or the same as the reliability index read from 
reliability Infonnation area 40R-1 , memory controller 35 
accepts the request, and executes suitable operations 

50 according to the request for permission to use. This con- 
trol operation of memory controller 35 using reliability 
indexes has already been explained In the preceding 
' section on the configuration of mobile terminal 11 . 
[0171] After transmitting the activation command to 

55 mobile terminal 11-1, management server 16 updates 
the value of the Item 'activation' in downloaded applica- 
tion area 53A of user information storing unit 53-1 to 
'Yes'. Then, management server 16 reads the data 
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stored in registration application area 52R, and if the val- 
ue of the item 'collection of usage charges', which cor- 
responds to the application to be activated, Is 'Yes', 
management server 16 transmits, to the charge man- 
agement server, the information of the application, such 
as the identification number of the application, the Iden- 
tification number of mobile terminal 11-1 , the time and 
date of the activation operation, and so on. 
[0172] At the same time, when mobile temilnal 11-1 
receives the activation command, mobile temilnal 11-1 
displays the letter 'a' by display unrl 21 to Infomnthe user 
of mobile terminal 11-1 that there is an application, 
which has newly become usable, as shown in screen 
D31 of Fig.26. The letter 'a' can be replaced with another 
letter such as 'P' to differentiate from the completion no- 
tice In the application purchasing operation explained 
above. This notice can also be communicated by dis- 
playing images, making sounds, vibrating the mobile 
terminal, and so on. 

[0173] The explanations In the preceding paragraphs 
refer to the activation operation. After the activation op- 
eration, if the user of mobile terminal 11-1 wants to start 
the application which has been activated, the user of 
mobile temninal 11-1 pushes appii-button 23 to make 
mobile^ terminal 11-1 display the application menu 
(screen'^D32). Next, the user of mobile temainal 11-1 
pushes button '3' to appoint the item '3.Start of applica- 
tion', and mobile tenninal 1 1 -1 displays a screen for se- 
lecting an applbation from usable applications (screen 
D33). When the screen for selecting an application is 
displayed, if the userof mobile terminal 11-1 pushes but- 
ton '1 ' to select the item ' 1 .Schedule manager Ver.2', the 
selected application becomes operable (screen D34). 

[1 .2.5] Deactivation of application 

[01 74] After an activation operation is executed for an 
application in mobile terminal 11-1, there may be in- 
stances when the use of the application needs to be dis- 
continued. For example, if mobile tenninal 11-1 is lost 
or stolen, the use of any application stored in mobile ter- 
minal 11-1 should be discontinued temporarily on the 
basis of a request from the user of mobile tenninal 11-1. 
If there is a default in the payment of the usage charges 
for an application, or if the usage conditions for an ap- 
plication are violated by the user of mobile terminal 11 -1 , 
the use of the specific application stored in mobile ter- 
minal 11-1 should be discontinued temporarily in ac- 
cordance with a request to do so, from the administra- 
tion entity of content server 20-1 or management server 
16. 

[0175] In the cases mentioned above, a deactivation 
operation is executed. In the following, as an example, 
a flow of operations which are executed when a deacti- 
vation operation Is executed for an application which is 
stored In management area 40-1 of mobile tenninal 
11-1 ,wlll be described. 

[0176] First, management server 16 transmits a de- 



activation command to mobile tenninal 11 -1 . The deac- 
tivation command contains the identification number of 
management area 40-1 in memory 12, which will be 
used for specifying the application to be deactivated. 

5 [0177] After communication unit 34 of mobile tenninal 
11-1 receives the deactivation commarid, communica- 
tion unit 34 transfers the command to memory controller 
35, After memory controller 35 receives the deactivation 
command, memory controller 35 rejects ail requests for 

10 permission to use the functions of an application in ap- 
plication area 40A-1 or the data in data area 40D-1 , 
which are made by control unit 31 of mobile terminal 
11-1. As a result, the user of mobile tennina! 11-1 will 
not be able to use the application, which is stored in 

15 management area 40-1 . 

[0178] After transmitting the deactivation commandto 
mobile temninal 11-1, management server 16 updates 
the value of the Item 'activation', in downloaded appli- 
cation area 53A of user information storing unit 53-1 to 

20 'No', Then, management server 16 reads the data 
stored in registration application area 52R, and if the val- 
ue of the item 'collection of usage charges', which cor- 
responds to the application to be deactivated, is 'Yes', 
management server 16 transmrts, to the charge man- 

25 agement server, the information on the application, such 
as the identification number of the application, the iden- 
tification number of mobile temninal 11-1 , the time and 
date of the deactivation operation, and so on. 
[0179] The explanations In the preceding paragraphs 

30 refer to the deactivation operation. After receiving a de- 
activation command, mobile terminal 11-1 does not dis- 
play the name of the corresponding application on the 
screen for selecting an application from usable applica- 
tions. If the application for which a deactivation opera- 

35 tion is executed, needs to be used by the user of mobile 
terminal 11-1 again, the activation operation explained 
above needs to be executed for the application. For ex- 
ample, when a lost mobile terminal 11-1 is found or when 
the default of payment of usage charges for the appli- 

40 cation is resolved, an activation operation is executed 
again, but the applications, which are downloaded and 
stored in memory 1 2 of mobile terminal 1 1 -1 and the da- 
ta, which are managed by the applications, become us- 
able again when the deactivation operation is executed. 

45 

[1.2.6] Deletion of application 

[01 80] There are some instances where the use of an 
application in mobile terminal 11-1 needs to be stopped 

50 permanently. For example, if the user of mobile terminal 
11-1 decides to cancel a purchase contract of an appli- 
cation, use of the application should be stopped penna- 
nently. In the same way, when the validity period of us- 
age of an application expires, or when the user of mobile 

55 terminal 11-1 commits a serious violation of the usage 
conditions of an application, use of the application 
should also be stopped permanently. In these instances, 
the application is deleted from memory 1 2 of mobile ter- 
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minal 11-1, and at the same time, infomiation of the de- 
leted application registered in download-ready applica- 
tion area53B of user information storing unit 53-1 is also 
deleted. Following is an example, of a flow of operations, 
which are executed when a deleting operation is exe- 
cuted for an application stored in management area 
40-1 of mobile terminal 11-1. 

[0181] First, management server 16 reads the data 
stored in downloaded application area 53A of user in- 
formation storing unit 53-1 , and checks whether the ap- 
plication to be deleted is stored in memory 12 of mobile 

terminal 11-1. 

[01 82] If the application is stored in memory 1 2 of mo- 
bile temninal 11-1, management server 16 transmits a 
deletion command to mobile terminal 11 -1 . 
[01 83] The deletion command contains the identifica- 
tion number of management area 40-1 , which will be 
used for specifying the application that has to be delet- 
ed. After receiving the deletion command, communica- 
tion unit 34 of mobile terminal 11-1 transfers the com- 
mand to memory controller 35, When memory controller 
35 receives the deletion command, memory controller 
35 deletes the application and the data of the application 
in management area 40-1 which is appointed by the 
identification number. After the deleting operation, 
memory controller 35 of mobile terminal 11-1 transmits 
a completion notice of deletion to management server 
1 6. When management server 1 6 receives the comple- 
tion notice of deletion, management server 16 deletes 
infonnation on the application from downloaded appli- 
cation area 53 A of user infonnation storing unit 53-1 . 
[0184] On the contrary, if the application to be deleted 
is not stored in memory 1 2 of mobile temninal 11-1, man- 
agement server 16 deletes Information on the applica- 
tion from download-ready application area 53 B of user 
information storing unit 53-1 . 

[0185] Next, management server 16 reads the data 
stored in registration application area52R, and if the val- 
ue of the item 'collection of usage charges' of the appli- 
cation Is 'Yes', management server 16 transmits, to the 
charge management server, information on the applica- 
tion such as identification number of the application, 
identification number of mobile terminal 11-1, the time 
and date of the deleting operation, and so on. 
[0186] The explanations in the preceding paragraphs 
are related to the deleting operation. After the deleting 
operation, mobile terminal 11-1 does not display the 
name of the corresponding application on the screens 
for selecting an application for starting and download- 
ing. 

[1 .3] Coordinated operations between applications 
using reliability indexes 

[01 87] In the following description, a method for coor- 
dinating operations of a plurality of applications by use 
of their reliability indexes wilt be explained using exam- 
ples. 



[0188] As already mentioned, a plurality of applica- 
tions are stored. in memory 12 of mobile temiinal 11-1 , 
and each application stored in management area 40 is 
given a reliability index of one integer between '1' and 

5 '5'. And the reliability index is recorded in reliability in^ 
formation area 40R. The larger the value of the reliability 
index, the higher is the reliability of the application. An 
application with a high reliability can use functions and 
data of an application whose reliability is low. On the 

10 contrary, an application whose reliability is low cannot 
use functions or data of an application whose reliability 
is high. Control programs, which are managed by con- 
trol unit 31 of mobile temninal 11 and stored in control 
memory 32, are given reliability index '5'. Regarding ap- 

15 plications stored in free area 41 , no reliability index is 
recorded, and when the reliability of an application 
stored in free area 41 and the reliability of another pro- 
gram need to be compared to each other, '0' is adopted 
as a reliability index for an application stored in free area 

20 41. 

[1 .3.1] A case where coordinated operations of 
applications are not permitted 

25 [0189] Following is an example, of an instance where 
an application with a smaller reliability index cannot use 
functions or data of an application with larger reliability 
index. Fig.27, Fig.28, Fig.29, Fig.30, and Fig.31 illus- 
trate the example. 

30 [0190] In application area 40A of management area 
40-1 of mobile temninal 1 1 -1 , an application for the pur- 
chase of a commuter ticket on a certain form of public 
transport (referred to as 'pass application' hereinafter) 
is stored. An activation operation has already been ex- 

35 ecuted for the pass application, and the pass application 
can be readily used when purchased. By using the pass 
application, the user of mobile terminal 11-1 can open 
the home page of 'abc Railroad Company', through 
which the user can purchase a commuter ticket, as well 

40 as get other related infonnation such as timetables etc. 
If the user of mobile terminal 11-1 purchases a commut- 
er ticket through the above-mentioned pass application, 
the ticket functions in the forni of radio signals, which 
the mobile terminal sends to a ticket gate machine of 

45 'abc Railroad Company', in response to corresponding 
radio wave signals sent by the ticket gate machine, as 
the user of the mobile terminal approaches the ticket 
gate, which opens automatically if the two radio signals 
match. Namely, mobile tenninal 11-1 itself takes on the 

50 role of a commuter ticket. In this example, the reliability 
index of the pass application is '3'. 
[0191] In application area 40A of management area 
40-2, an application, which can perfomri the function of 
settling payment (referred to as 'settlement application' 

55 hereinafter) is stored. An activation operation has al- 
ready been executed for the settlement application, and 
the settlement application can be readily used. By use 
of the settlement application, the user of mobile tenninal 
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11-1 can open the home page of 'xx Bank' and In the 
home page, the user can remit money from his/her ac- 
count to another account. The reliability index of the set- 
tlement application is '5'. 

[0192] The user of mobile tenninai 1 1 -1 pushes appli- 
button 23 to make mobile tenninai 11-1 display the ap- 
plication menu (screen D41) on display unit 21. Next, 
when screen D41 Is displayed, the user pushes button 
'3' to make mobile terminal 11-1 display a screen for se- 
lecting an application for starting (screen D42). When 
screen D42 is displayed, the user pushes button '1 ' and 
selects the pass application. Mobile terminal 1 1 -1 starts 
the pass application, and the pass application opens the 
home page of 'abc Railroad Company' (screen D43). 
[0193] When screen D43 is displayed, the user push- 
es button '3' to select the item '3. Purchase of commuter 
ticket', and mobile tenninai 1 1 -1 displays screen D44. In 
screen 044, the user inputs data conceming section of 
usage and tenn of usage of desired commuter ticket us- 
ing operating unit 22, and pushes button '9* to transmit 
an instruction of purchase of the commuter ticket to the 
home page of 'abc Railroad Company'. 
[0194] Then, the pass application searches applica- 
tions in memory 12 of mobile terminal 11-1, which can 
settle payments as explained below. Control unit 31, 
which executes the pass application transmits requests 
for reading applications stored In management areas 

40, excluding management area 40-1 , and free areas 

41 , along with the identif k:ation number of management 
area 40-1 , to memory controller 35. 

[0195] When memory controller 35 receives the re- 
quests for reading applications in management areas 
40 and free areas 41 from control unit 31 , memory con- 
troller 35 reads the reliability index from reliability infor- 
mation area 40R of management area 40-1 using the 
identification information of management area 40-1, 
which is received from control unit 31 along with the re- 
quests. In this case, the reliability index is *3'. This reli- 
ability index will be referred to as 'reliability Index of re- 
questing application' hereinafter. 
[01 96] Next, memory controller 35 reads the reliability 
indexes from reliability information areas 40 R of man- 
agement area 40-2, management area 40-3, — , and 
management area 40-n, as the applications requested 
to be read, are stored in these areas. However, regard- 
ing free area 40-1, free area 40-1, — , and free area 
40-m, reliability index '0' is adopted as reliability indexes 
forthe applications in these areas, as no reliability index 
is given to them. The reliability indexes obtained by this 
operation will be referred to as 'reliability indexes of re- 
quested applications' hereinafter. 
[01 97] Next, memory controller 35 compares the reli- 
ability index of the requesting application and each of 
the reliability indexes of the requested applications. If 
the reliability index of the requesting application Is larger 
than or the same as the reliability index of the requested 
application, namely If the reliability index of the request- 
ed application is '3' or less than '3', memory controller 



35 reads and transmits the requested application to con- 
trol unlt31 according to the request. Othenvise, memory 
controller 35 transmits a notice of rejection to control unit 

31. 

5 [0198] In this example, the settlement application, 
which can settle payments, is stored in management ar- 
ea 40-2, but the reliability Index of the requested appli- 
cation for management area 40-2 is '5'. Therefore, mem- 
ory controller 35 rejects the request of the pass applica- 

10 tion for reading the settlement application. As a result, 
the pass application cannot recognize the existence of 
the settlement application. Therefore, the pass applica- 
tion fails to find an application, which can settle pay- 
ments in memory 12, and mobile terminal 11-1 displays 

15 screen D45. In screen D45, the user is requested to 
complete remittance of the payment by himself/herself. 
The user writes down the information shown in screen 
D45 on a piece of paper, etc., and pushes button '9' to 
quit the pass application. As a result, the normal screen 

20 shown as screen D46 is displayed by display unit 21 . 
[0199] When screen 046 is displayed, the user push- 
es appli-button 23 to make mobile tenninai 11-1 display 
the application menu (screen D47). When screen D47 
is displayed, the user pushes button '3', and makes mo- 

25 bile terminal 11-1 display a screen for selecting an ap- 
plication for starting (screen D48). When screen D48 is 
displayed, the user pushes button '2' and selects the set- 
tlement application. Then, mobile tenninai 11-1 starts 
the settlement application, and opens the home page of 

30 "xx Bank' (screen D49). 

[0200] In screen D49, the user inputs a password, and 
makes mobile terminal 1 1 -1 display a screen for select- 
ing an operation (screen D50). When screen D50 is dis- 
played, the user pushes button '3' to select the Item 

35 '3. Remittance', and screen D51 is displayed. In screen 
D51, the user inputs the information for remitting the 
payment to 'abc Railroad Company' which the user 
wrote down, and pushes button '9' to transmit the remit- 
tance order to the home page of 'xx Bank', "xx Bank* re- 

40 ceives the remittance order from mobile terminal 11-1 
through the home page, and remits the payment to the 
appointed account of 'abc Railroad Company' following 
the remittance order. Then, in display unit 21 of mobile 
tenninai 11-1, screen D52 is displayed. On the other 

45 hand, 'abc Railroad Company' confirms the remittance 
from 'xx Bank', and completes the operation for pur- 
chase of the commuter ticket by mobile terminal 11-1 
updating the infonnation on purchase history of mobile 
terminal 11-1 . 

50 [0201] When screen D52 is displayed, button '9' is 
pushed and mobile tenninai 11-1 displays the ordinary 
screen for standby shown as screen D53. When screen 
D53 is displayed, the user pushes appii-button 23 again 
to make mobile terminal 11-1 display the application 

55 menu (screen D54). When screen D54 is displayed, the 
user pushes button '3' to make mobile terminal 11-1 dis- 
play a screen for selecting an application for starting 
(screen D55). When screen D55 Is displayed, the user 
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pushes button 'V to start the pass application (screen 
D56). 

[0202] When screen D56 is displayed, If the user 
pushes button '4' to select the item '4.Reference of pur- 
chase history', mobile temriinal 11-1 displays screen 
D57. When screen D57 is displayed, if the user pushes 
button '1', mobile terminal 11-1 displays detailed infor- 
mation on the status of the purchase of the commuter 
ticket (screen D58}. In screen D58, the user can confirm 
that the remittance for the purchase of the commuter 
ticket has been confirmed by 'abc Railroad Company' 
and the operation for purchasing the commuter ticket 
has been completed successfully. Then, the user push- 
es button '9', and mobile terminal 11-1 displays the or- 
dinary screen shown as screen D59 on display unit 21 . 

[1 .3.2] A case where coordinated operations of 
applications are permitted 

[0203] The following example describes a case where 

an application with a larger or the same reliability index 
can use functions or data of an application with a smaller 
or the same reliability index. Fig.32, Fig.33, and Fig.34 
illustrate the example. 

[0204] In application area 40A of management area 
40-1 of mobile terminal 11-1 , an application, which can 
function as mail-order shopping (referred to as 'mail-or- 
der application' hereinafter) is stored. An activation op- 
eration has already been executed for the mail-order ap- 
plication, and the mail-order application can now be 
readily used. By use of the mail-order application, the 
user of mobile terminal 11-1 can open the home page 
of 'Cyber Shop zz', and in the home page, the user can 
purchase various kinds of commodities. The reliability 
Index of the mail-order application is '4'. 
[0205] In applbation area 40A of management area 
40-2, as in the previous example, the settlement appli- 
cation is stored. An activation operation has already 
been executed for the settlement application, and the 
settlement application is now ready to be used. The set- 
tlement application will be referred to as 'settlement ap- 
plication 1 ' hereinafter. The reliability index of settlement 
application 1 is '4'. 

[0206] In application area 40A of management area 
40-3, an application, which performs the function of set- 
tling payments by credit (referred to as 'credit applica- 
tion' hereinafter) is stored. An activation operation has 
already been executed for the credit application , and the 
credit application is now ready to be used. By use of the 
credit application, the user of mobile terminal 11-1 can 
open the home page of 'cc Credit Company*, and in the 
home page, the user can order settlement of payments 
by credit. The reliability index of the credit application is 
'4'. 

[0207] In application area 40 A of management area 
40-4, an application, which has the same kind of function 
as that of settlement application 1 , is stored. The appli- 
cation can open the home page of 'kk Bank' instead of 
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'xx Bank', and in the home page, the user can order sev- 
eral operations such as remittance of payments. An ac- 
tivation operation has already been executed for the ap- 
plication, and the application is now ready to be used. 
. 5 The settlement application will be referred to as 'settle- 
ment application 2' hereinafter. The reliability Index of 
settlement application 1 is '5*. 

[0208] First, the user of mobile tenninal 11-1 pushes 
appli-buttop 23 to make display unit 21 display the ap- 

10 plication menu (screen D71). When screen D71 is dis- 
played, the user pushes button '3' to make mobile ter- 
minal 1 1 -1 display a screen for selecting an application 
for starting (screen D72). When screen D72 is dis- 
played, the user pushes button '1' to select the mail-or- 

15 der application. Mobile tenninal 11-1 starts the mail-or- 
der application , and the mail-order application opens the 
home page of 'Cyber Shop zz' (screen D73). When 
screen D73 is displayed, if the user pushes button '2' to 
select the purchase of beef, the mail-order application 

20 displays a screen for Inputting infonnation of delivery 
destination of the ordered commodity (screen D74). In 
screen D74, the user inputs information of delivery des- 
tination of the purchased commodity, and pushes button 
'9'. Then, the mail-order application searches applica- 

25 tions in memory 12 of mobile tenninal 11-1 , which can 
settle payments. In the following example it is supposed 
that the user has Input '1-1-1 Shinjyuku-ku, Tokyo' as 
delivery destination. The flow of operations that follow 
in this case, for searching applications, which can settle 

30 payments Is the same as the flow of operations ex- 
plained above with regard to the pass application. 
[0209] In the operation for searching applications, 
which can settle payments, the reliability index of the 
mail-order application of the requesting side of the re- 

35 quests for reading other applications in memory 12, is 
'4'. Since the reliability index of settlement application 
1 , which Is one of the receiving sides of the requests for 
reading applications, is '4', memory controller 35 ac- 
cepts the request from the mail-order application to be 

40 able to read settlement application 1 , and transmits in- 
formation on the functions of the settlement application 
1 to control unit 31 , which executes, the mail-order ap- 
plication. Similarly, the reliability index of the credit ap- 
plication also being '4', memory controller 35 transmits 

45 information on functions of the credit application to con- 
trol unit 31 . On the contrary, the reliability index of set- 
tlement application 2 is '5', and it is larger than the reli- 
ability Index of the mail-order application of the request- 
ing side, namely '4*. Therefore, memory controller 35 re- 

50 jects the request of control unit 31 for reading settlement 
application 2, and the information on functions of settle- 
ment application 2 Is not transmitted to the mail-order 
application. As a result, the mail-order application rec- 
ognizes that settlement application 1 and the credit ap- 

55 plication can be used as applications for settling pay- 
ments, and displays screen D75. 
[0210] In screen D75, if the user decides to use set- 
tlement application 1 for settling the payment, and push- 
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es button '1\ the mail-order application transmits a re- 
quest for permitting to read settlement application 1 to 
memory controller 35. At the same time, the mall-order 
application gives, to settlement application 1, an order 
of transaction, which should be executed by settlement 5 
application 1 and necessary Information for executing 
the transaction. To put it more concretely, control unit 
31 , which executes the mail-order application, requests 
memory controller 35 to write an order for a remittance 
operation to be carried out, and the necessary infomna- io 
tion for the remittance operation in data area 40D-2 of 
management area 40-2, which is allotted to settlement 
application 1 . The information for the remittance con- 
tains information as follows: the amount is 5,000 yen, 
the receiver is 'Cyber Shop xx', the receiving account is 
a saving account in 'nn Bank* whose account number is 
'41 256378', the purpose is payment for 1 kg of beef, and 
the delivery destination of the commodity Is '1 -1 -1 Shln- 
jyuku-ku, Tokyo'. 

[0211] iVIemory controller 35 compares the reliability 20 
index of the requesting application of the reading re- 
quest and the writing request, and the reliability index 
of the requested application of the requests, and ac- 
cepts the requests. As a result, control unit 31 executes 
settlement application 1 . 

[0212] Then, settlement application 1 requests the us- 
er of mobile terminal 11-1 to input a password for au- 
thentication of personal identification, by displaying 
screen D76. In screen D76, if the user of mobile temiinal 
11-1 inputs a correct password, settlement application 30 
1 displays screen D77. In this step, the necessary infor- 
mation for the remittance is read by settlement applica- 
tion 1 from data area 40D-2 of management area 40-2, 
and the infonnation has already been input in screen 
D77. Therefore, the user does not need to input the In- 35 
formation. 

[0213] When screen D77 is displayed, the user con- 
firms the infonnation for the remittance, and pushes but- 
ton '9'. Then, settlement application 1 transmits an order 
of the remittance to the home page of 'xx Bank'. In this 40 
step, settlement application 1 also transmits the neces- 
sary infonnation for the remittance such as the informa- 
tion of purchased commodity, the delivery destination of 
the purchased commodity, etc. to the home page of 'xx 
Bank'. 45 
[021 4] When !xx Bank' receives the order of the remit- 
tance, the information of purchased commodity, the de- 
livery destination of the purchased commodity, etc. from 
mobile temiinal 11-1 through the home page, 'xx Bahk* 
remits the appointed payment to 'Cyber Shop zz' along so 
with the infonnation of purchased commodity, the deliv- 
ery destination of the purchased commodity, etc. 'Cyber 
Shop zz' confinns the remittance from 'xx Bank', and it 
is Infonned that 1kg of beef is ordered to be delivered 
to '1 -1 -1 Shinjyuku-ku, Tokyo'. As a result, 'Cyber Shop 55 
zz' proceeds with a delivery operation for the purchased 
commodity, and transmits to mobile terminal 11 -1 a con- 
firmation of payment for the purchase, along with infor- 



mation such as the date of delivery and the ordering 
number. 

[0215] When settlement application 1, which is exe- 
cuted by control unit 31 of mobile terminal 11-1, receives 
the conflnnation of payment from 'Cyber Shop zz', set- 
tlement application 1 transmits to memory controller 35 
a request for executing the mail-order application, which 
called settlement application 1 , and a request for writing 
information, such as the date of delivery and the order- 
ing number, In data area 40D-1 , which Is managed by 
the mall-order application. In this step, memory control- 
ler 35 also compares the reliability index of the request- 
ing application and the reliability Index of the requested 
application, and accepts the requests. As a result, con- 
trol unit 31 starts the mail-order application, which was 
closed in the middle of a series of operations, and the 
mail-order application displays screen D78 after reading 
the date of delivery and the ordering number from data 
area 40D-1. When screen D78 is displayed, the user 
confirms the information, which is sent from 'Cyber Shop 
zz', and pushes button '9', Then mobile tenninal 11-1 
ends the operation and displays the ordinary screen 
shown as screen D79. 

[0216] As explained above, an application, which is 
given a high reliability value, is allowed to obtain high 
value infonnation such as monetary infonnation and 
personal infonnation from other applications directly, 
and allowed to call functions of other applications, which 
manage high value information. Moreover, if a reliability 
Index of an application Is '5', the application is allowed 
to call control applications, which are stored in control 
memory 32, and to use data, which are managed by the 
control programs. As a result, the operations that users 
must perfonn, can be simplified. Regarding information 
security, as already explained, only the applications 
which pass examinations conducted by the administra- 
tion entity of management server 16 are given a high 
reliability value, and the administration entity of man- 
agement server 16 checks, if necessary, whether the 
applications, which are given a high reliability value are 
falsified or not. Therefore, users can be guaranteed se- 
curity when using applications with high value informa- 
tion. 

[2] Second embodiment 

[0217] As explained below, the only difference be- 
tween the first and the second embodiments, Is that, in 
the second embodiment, reliability related information 
instead of reliability indexes, is used for coordinating op- 
erations. To a large extent, the features of the second 
embodiment are the same as those of the first embodi- 
ment, therefore only the aspects, which are different be- 
tween the two embodiments, will be described. In the 
following explanation, names and symbols, which are 
used for various components in the first embodiment, 
will be used for all the corresponding components in the 
second embodiment without any alteration. 
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[2.1] Configuration and functions of authorization data 

[0218] . In the second embodiment, when the adminis- 
tration entity of management server 16 is requested to 
examine an application of content server 20, the admin- 
istration entity of management server 1 6 determines the 
rights for reading the application, the rights for reading 
data, the rights for editing data, and the rights for delet- 
ing data with regard to the newly examined application 
and each of the applications, which were examined in 
the past. 

[0219] Following is an example, where an application, 
whose identification number is 'AP-3568', is newly ex- 
amined. The application will be referred to as 'applica- 
tion AP-3568', in the same manner that other applica- 
tions are also referred to by their identification numbers. 
Fig. 35 gives an example of data indicating rights for ap- 
plication 'AP-3568' and will be referred to as 'authoriza- 
tion data' hereinafter. 

[0220] The data in the first column of Fig.35 Indicate 

applications allowed to be read by application 'AP- 
3568'. For example, if control unit 31 needs to use any 
function of application 'AP-3712' when application 'AP- 
3568' Is under execution, control unit 31 transmits to 
memory controller 35 a request for permitting to read 
application 'AP-3712'. Application 'AP-371 2' is indicated 
in the first column of authorization data for application 
'AP-3568'. On the basis of the data, memory controller 
35 accepts the request for permitting to read application 
'AP-3712' when memory controller 35 receives the re- 
quest. After accepting the request, memory controller 
35 reads application 'AP-3712' from application area 
40A of management area 40, and transmits It to control 
unit 31. 

[0221] The data in the second column of Ftg.35 indi- 
cate applications whose data application 'AP-3568' is al- 
lowed to read. For example, if control unit 31 needs to 
use any data of application •AP-8125' when application 
'AP-3568' is under execution, control unit 31 transmits 
to memory controller 35 a request for pennitting to read 
data of application !AP-8125', Application 'AP-8125' is 
Indicated in the second column of the authorization data 
for application 'AP-3568'. On the basis of the data, mem- 
ory controller 35 accepts the request for pemnitting to 
read the data of application 'AP-3712' when memory 
controller 35 receives the request. After accepting the 
request for pennitting to read the data, memory control- 
ler 35 reads the requested data from data area 40D of 
management area 40 where application 'AP-8125' is 
stored, and transmits the data to control unit 31 . 
[0222] The data in the third column of Fig.35 indicates 
applications whose data application 'AP-3568' is al- 
lowed to edit, and data in the fourth column of Fig.35 
indicates applications whose data application 'AP-3568' 
is allowed to delete. 

[0223] On the contrary,. the data in the fifth column of 
Fig.35 Indicates applications, which are allowed to read 
application 'AP-3568'. For example, if control unit 31 



needs to use any function of application 'AP-3568' when 
application 'AP-431 5' is under execution, control unit 31 
transmits to memory controller 35 a request for pemnit- 
ting to read application 'AP-3568'. Application 'AP-431 5' 

5 is indicated in the fifth column of authorization data for 
application 'AP-3568', On the basis of the data, memory 
controller 35 accepts the request for permitting to read 
application 'AP-3568' when memory controller 35 re- 
ceives the request. After accepting the request, memory 

10 controller 35 reads application 'AP-3568' from applica- 
tion area 40 A of management area 40, and transmits it 
to control unit 31 . 

[0224] Similarly, the data in the sixth column of Fig.35 
indicates applications, which are allowed to read the da- 

15 ta of application •AP-3568'; the data In the seventh col- 
umn of Fig.35 Indicates applications, which are allowed 
to edit the data of application 'AP-3568'; and the data in 
the eighth column of Fig.35 indicates applications, 
which are allowed to delete the data of application 'AP- 

20 3568'. 

[2.2] Registration and update of reliability related 
information 

25 [0225] As shown in Fig.36, registration application ar- 
ea 52 R of application infonnation storing unit 52 of man- 
agement server 1 6 has the item 'reliability related infor- 
mation', instead of tiie item 'reliability index' as in the 
first embodiment. When the administration entity of 

30 management server 16 completes the examination of 
application 'AP-3568', it inputs authorization data, 
shown in Fig.35, into management server 1 6. After the 
authorization data are Input into management server 1 6, 
management server 1 6 creates a new record for appli- 
es cation 'AP-3568' in registration application area 52R, 
and stores the data of the fifth, the sixth, the seventh, 
and the eighth columns of the authorization data in the 
Item 'reliability related infonnation' of the new record. 
[0226] Next! management server 1 6 updates the data 

40 in the item 'reliability related information, which corre- 
spond to applications indicated in any of the columns 
from the first column to the fourth column of the author- 
ization data. For example, since application 'AP-3712' 
is indicated in the first column of the authorization data 

45 of application 'AP-3568', management server t6 adds 
the identification number of application 'AP-3568' to the 
sub-item 'reading application' In the Item 'reliability re- 
lated Information' of the record con-espondlng to appli- 
cation 'AP-3712' in registration application area 52R. 

50 [0227] Next, management server 1 6 reads the data in 
downloaded application area 53A of each of user infor- 
mation storing unit 53-1 , user information storing unit 
53-2, and user infonnation storing unit 53-k. Then, 
from each of the columns, from the first column to the 

55 fourth column of the authorization data of application 
'AP-3568', management server 1 6 lists up all user infor- 
mation storing units 53, whose data of the item 'reliability 
related infonmation' were updated In the above-men- 
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tioned operation. Namely, management server 16 lists 
up all of user Information storing units 53, which contain 
identification numbers of applications Indicated in the 
authorization data of application 'AP-3568'. Then, man- 
agement server 1 6 adds the identification number of ap- 
plication 'AP-3568' to the corresponding sub-item of the 
item 'reliability related infonnation' of user information 
storing units 53 which are listed up. Then, management 
server 16 transmits a notice that the identification 
number of application 'AP-3568' was added to the item 
'reliability related information', to mobile tenninals 11, 
which correspond to user information storing units 53 to 
which the identification number of application 'AP-3568' 
was added. For example, according to the data of user 
Infomiation storing unit 53-1 shown in Fig.7, mobile ter- 
minal 11-1 stores application 'AP-0123' in application ar- 
ea 40A-2 of management area 40-2 of memory 12. Ap- 
plication 'AP-0123' is indicated in the first column of the 
authorization data shown in Fig.35, and application 'AP- 
3568', which is newly examined, is given a right to read 
application 'AP-0123'. Therefore, management server 
1 6 transmits, to mobile terminal 11-1, a notice that the 
identification number of application •AP-3568' was new- 
ly entered in the sub-item 'reading application' of the 
item 'reliability related information' corresponding to ap- 
plication 'AP-0123' in user infonnation storing unit 53-1 . 
[0228] When mobile tenninal 11 downloads an appli- 
cation, which has passed the examination of its con- 
tents, into memory 1 2, reliability related Information cor- 
responding to the application is also downloaded into 
mobile terminal 11 along with the application. Memory 
controller35 of mobile temiinal 11 records the reliability 
related information, which was downloaded along with 
the application, in reliability infonrtatlon area 40R of 
management area 40 allotted to the application. 
[0229] As mentioned in the preceding example, when 
mobile tenninal 11-1 receives a notice from manage- 
ment server 1 6 that the Identification number of appli- 
cation 'AP-3568' has been newly entered in the sub-item 
'reading application' of the item 'reliability related infor- 
mation' in user information storing unit 53-1 , which cor- 
responds to application 'AP-0123', memory controller 35 
of mobile terminal 11-1 Includes the identification 
number of application 'AP-3568' in the item 'reading ap- 
plication' of the data stored in reliability information area 
40R-2 of management area 40-2, which is allotted to ap- 
plication 'AP-0123'. 

[0230] According to the above-mentioned operations, 
the data stored in registration application area 52R of 
application infonnation storing unit 52 and the data re- 
corded in reliability infonnation area 40R of manage- 
ment area 40 of each mobile tenninal 11 are always up- 
dated and only new data is kept. 

[2.3] Coordinated operations between applications 
using reliability related information 

[0231] When an application needs to use functions or 



data of another application in mobile terminal 11 , control 
unit 31 transmits a request for permitting to use the ap- 
plication, or the data of the application, as well as the 
identification number of the memory area where the ap- 

5 plication, which has been requested, is stored (referred 
to as 'requested application's area number" hereinafter), 
and the identification number of the application, which 
makes the request, to memory controller 35. 
[0232] If the memory area, which is appointed by the 

10 requested application's area number, is one of the mem- 
ory areas of management areas 40, memory controller 
35, when receiving the request from control unit 31 , 
reads the reliability related information from reliability in- 
formation area 40R of management area 40 allotted to 

15 the requested application. Next, memory controller 35 
checks whether the identification number of the request- 
ing application is contained in the item, which corre- 
sponds to the content of the request in the reliability re- 
lated infonnation. For example, if control unit 31, which 

20 is under the execution of app lication ' AP-2568' transmits 
to memory controller 35 a request for pemriitting to read 
application 'AP-0123' stored in application area 40A-2, 
memory controller 35 reads the reliability related infor- 
mation from reliability information area 40R-2. and 

25 checks whether the identification number of application 
'AP-2568' is contained in the item 'reading application' 
of the reliability related information. If the identification 
number of the requesting application is contained in the 
con-esponding item, memory controller 35 accepts the 

30 request of control unit 31 , and executes operations fol- 
lowing the request. On the contrary, if the identification 
number of the requesting application is not contained in 
the Item 'reading application', memory controller 35 re- 
jects the request of control unit 31 . 

35 [0233] According to the operations of memory control- 
ler 35 carried out by using reliability related information 
as explained above, operations, which are coordinated 
between applications, can be managed with flexibility. 

40 [3] Third embodiment 



[0234] In the third embodiment, the flow of operations 
for delivering an application Is different from that of the 
first embodiment, but to a large extent the features of 
the third embodiment are the same as those of the first 
embodiment. Therefore, the following description will 
cover only those aspects of the third embodiment, which 
are different from the first embodiment; while names and 
symbols used for components of the third embodiment, 
which correspond with those of the first embodiment will 
be used without any alteration. 
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[3,1] Overall configuration of application delivery system 

[0235] In the third embodiment, just as in the first em- 
bodiment, when the administration entity of content 
server 20 requests an examination of an application, the 
application is examined by the administration entity of 
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management server 16, and a reliability Index is given 
to the application. However, in the third embodiment, af- 
ter the reliability index is given to the application, the 
administration entity of management server 1 6 creates 
a message digest of the application by use of a hash 
function. Since a data set created from an original data 
set by use of a hash function is irreversible, an applica- 
tion cannot be restored from a message digest of the 
application. However, there Is almost no possibility of 
the same message digest being created from applica- 
tions having different contents, as contents of each ap- 
plication almost certainly differ, however slightly. There- 
fore, if any part of the content of an application is 
changed, the message digest created from the original 
application by use of a hash function, and the message 
digest created from the changed application by use of 
the same hash function will not be the same. Since the 
size of a message digest Is usually much smaller than 
that of the application corresponding to the message di- 
gest, message digests do not require large storage 
space, and can be transmitted more quickly. The admin- 
istration entity of management server 1 6 stores the cre- 
ated message digest in application Information storing 
unit 52 along with the reliability index of the application. 
Fig. 37 shows an example of data stored in application 
infonnation storing unit 52 in the third embodiment. 
However, Fig. 37 does not show the item 'publication*, 
because in the third embodiment, management server 
1 6 does not publicize to mobile terminal 11 , the infomna- 
tion on applications, which are given reliability Indexes. 
[0236] Furthermore, in the third embodiment, applica- 
tions themselves are not stored In application informa- 
tion storing unit 52, as they are done in the first embod- 
iment, but are stored in content servers 20, which are 
providers of the applications. Therefore, in the data for- 
mat shown in Fig. 37, no application is listed in the item 
'storage location Infonnation', but only URLs, which in- 
dicate the storage location of each application, are 
stored. 

[0237] In addition, in the third embodiment, content 
servers 20, which are providers of applications, always 
delivertheir applications directly to each mobile terminal 
11. In the third embodiment, therefore, it is not neces- 
sary to create temporary custody application area 52T 
in application information storing unit 52 of management 
server 16. Also, the item 'storage number' listed in user 
infomiatlon storing unit 53 of management server 16, 
which is present in the first embodiment for specifying 
each application stored in temporary custody applica- 
tion area52T, is not included in the third embodiment as 
this is also unnecessary. Flg.38 is a diagram showing a 
configuration of the application information manage- 
ment system in the third embodiment, and Fig.39 is a 
format chart showing an example of data stored in user 
information storing unit 53 in the third embodiment. 
[0238] Moreover, in the third embodiment, when 
memory controller 35 of mobile terminal 11-1 receives 
a message digest from management server 1 6, memory 



controller 35 stores the message digest temporarily. 
Then, when memory controller 35 of mobile temriinal 
11-1 receives an application, which is given a reliability 
index of '1 ' or more than '1 ' through communication unit 
5 34, memory controller 35 creates a message digest of 
the received application, and verifies the newly created 
message digest against the message digest, which was 
received from management server 1 6. 

10 [3.2] Delivery of application 

[0239] A series of operations, to be executed when 
the user of mobile tenninal 11-1 purchases and down- 
loads an application, which Is given a reliability index of 

15 '1 • or more than '1 ', and whose provider is content server 
20-1 , will be described with reference to Fig.40, Flg.41 , 
and Fig. 42. The screens displayed by display unit 21 of 
mobile terminal 11-1 in the flow of operations, which are 
explained below, are the same as those in Fig.21 , which 

20 were used for explaining the download operation in the 
first embodiment. Therefore, Fig.21 is also refen-ed to 
in the following explanation. 

[0240] The user of mobile tenninal 11-1, for example, 
displays a home page of content server 20-1 in mobile 

25 terminal 11-1, and applies for purchasing the application 
given in the home page (step S601). The user of mobile 
tenninal 11-1 also follows the procedure for settling the 
usage charges of the application. 
[0241] Content server 20-1 checks whether the con- 

30 tents of purchase request meet the requirements, and 
If the contents of purchase request meet the require- 
ments, content server 20-1 transmits, to management 
sender 1 6, a notice of acceptance for purchasing the ap- 
plication (step S602). The notice of acceptance for pur- 

35 chasing the application contains the identification 
number of mobile terminal 11-1, which purchases the 
application, and the identification number of the pur- 
chased application . When content server 20-1 transmits 
the notice of acceptance, content server 20-1 records 

40 the identification number of mobile terminal 11-1 , whose 
request for purchasing the application is accepted. 
[0242] After receiving the notice of acceptance from 
content server 20-1, management server 16 specifies 
the mobile tenninal, which purchased the application, 

45 according to the identification number of the mobile ter- 
minal contained In the received notice of acceptance. 
Next, management server 16 registers the identification 
number of the application contained in the notice of ac- 
ceptance in download-ready application area 53 of user 

50 information storing unit 53-1 , which corresponds to mo- 
bile temnlnal 11-1 (step S603). 

[0243] Next, management server 1 6 transmits a com- 
pletion notice of operations for purchasing the applica- 
tion, to mobile tenninal 11-1 (step S604). When mobile 
55 terminal 11-1 receives the completion notice of opera- 
tions for purchasing the application, mobile tenninal 
11-1 displays the letter 'a' on display unit 21 for informing 
the user of mobile terminal 11-1 that the newly pur- 
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chased application Is ready to be downloaded from 
management server 1 6. 

[0244] If the purchased application Is an application 
whose usage charge is managed by management serv- 
er 16, management server 16 transmits, to the charge 
management server, the Information of the purchased 
application such as the identification number of the ap- 
plication, the identification number of mobile terminal 
11-1, time and date of purchase of the application, etc. 
(step S605). 

[0245] The user of mobile temilnal 1 1 -1 pushes appli- 
button 23 of mobile terminal 11-1 to display an applica- 
tion menu shown as screen D21 . When screen D21 is 
displayed, the user of mobile terminal 11-1 pushes but- 
ton '2' of operating unit 22 to select the Item '2.DownIoad 
of application'. When button '2' is pushed down, mobile 
terminal 11-1 transmits, to management server 16, a re- 
quest for transmitting information of applications, which 
can be downloaded to mobile terminal 1 1 -1 (step S606). 
[0246] After receiving the request for transmitting In- 
formation of applications, management server 1 6 trans- 
mits, to mobile temriinal 11 -1 , names of applications and 
Identification numbers of applications, which are regis- 
tered in download-ready application area 53B of user 
infomnation storing unit 53-1 , as the information of ap- 
plications (step S607). 

[0247] After receiving the information of applications, 
mobile terminal 11-1 displays screen D22. In response 
to the screen, the user of mobile terminal 11-1 can ap- 
point an application, which the user wants to download 
by pushing a button whose number corresponds to the 
number of the application on the screen. For example, 
if the user pushes button '1' when screen D22 Is dis- 
played, the application titled 'Schedule manager Ver2' 
is appointed. When an application is appointed by an 
operation of the user of mobile terminal 11-1 , mobile ter- 
minal 11-1 transmits the identification number of the ap- 
pointed application to management server 16 (step 
S608), 

[0246] After receiving the Identification number of the 
appointed application, management server 1 6 reads the 
data stored in downloaded application area 53A and 
checks whether memory 1 2 of mobile temnlnal 1 1 -1 has 
enough free space for storing the appointed application 
(step S609) 

[0249] In step S609, If memory 1 2 of mobile terminal 
11-1 does not have enough free space for storing the 
appointed application, management server 16 trans- 
mits, to mobile terminal 11-1, a request for appointing 
an application, which is to be deleted from memory 12 
(step S61 0). When mobile temiinai 1 1 -1 receives the re- 
quest for appointing an application, mobile terminal 11-1 
displays screen D23 on display unit 21 . In response to 
the message on the screen, if the user of mobile terminal 
11-1 pushes button '9' to instruct the execution of the 
following operations, mobile terminal 11-1 displays 
screen D24 on display unit 21. On screen D24, the 
names of applications, which are stored in management 



area 40, are listed. In response to the information dis- 
played on the screen, the user of mobile temilnal 11-1 
can appoint an application, which is to be deleted from 
memory 12 by pushing a button whose number corre- 

5 sponds to the number of the application on the screen. 
Mobile tenminal 11-1 transmits the identification number 
of the appointed application to management servefie 
(step S611). After the operation in step S611 is carried 
out, mobile terminal 11-1 displays screen-D25 on display 

10 unit 21. 

[0250] On the contrary, in step S609, If memory 1 2 of 
mobile temiinal 11-1 has enough free space for storing 
the application appointed for downloading, the opera- 
tions in step S61 0 and step S611 are skipped, and man- 
is agement server 1 6 moves to the operation in step S61 2, 
In which case, mobile terminal 11-1 displays screen D25 
on display unit 21 . 

[0251] Next, management server 1 6 reads the.infor- 
rhation concerning the appointed application, namely 

20 niessage digest of the application, the reliability Index 
of the application, the storage location information of the 
application, etc., from application information storing 
unit 52, by use of the identification number of the appli- 
cation, and transmits the infomnation to mobile terminal 

25 11-1 (step S6 12). 

[0252] When mobile tenninal 1 1 -1 receives the mes- 
sage digest of the application, the reliability index of the 
application, the storage location information of the ap- 
plication, etc., from management server 16, mobile ter- 

30 minal 11-1 transmits to content server 20-1, a request 
for transmitting the application by use of the storage lo- 
cation infomiation of the application (step S613). The 
request for transmitting the application contains the 
identification number of mobile terminal 11-1 and the 

35 identification number of the application. 

[0253] After receiving the request for transmitting the 
application, content server 20-1 checks whether the 
Identification number contained in the request for trans- 
mitting the application, matches the identification 

40 number of the mobile terminal, for which content server 
20-1 accepted the request for purchasing the applica- 
tion in step S602. If these identification numbers match, 
content server 20-1 transmits to authentication server 
17, a request for transmitting 'PK-MT-1', namely the 

45 public key of mobile terminal 11-1 (step S614). In re- 
sponse to the request for transmitting 'PK-MT-1', au- 
thentication server 17 transmits 'PK-MT-1' to content 
server 20-1 (step S615). 

[0254] After receiving 'PK-MT-1 ', content server 20-1 
50 encrypts the application, which is to be transmitted, by 
use of 'PK-MT-1 ' (step S616). 

[0255] Because of this encryption, unauthorized us- 
ers cannot understand the application in the instance 
that the application is wiretapped during transmission 
55 from content server 20-1 to mobile terminal 1 1 -1 . As a 
result, unauthorized usage of the application can be pre- 
vented. 

[0256] Then, content server 20-1transmits the en- 
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crypted application to mobile terminal 11-1 (step S61 7). 
[0257] When mobile temiinal 11-1 receives the en- 
crypted application, mobile terminal 11-1 decrypts the 
application using 'SK-MT-1', namely the secret key of 
mobile terminal 11-1 (step S618). . 
[0258] Next, mobile t^miinal 11-1 creates a message 
digest of the application, which is not encrypted afterthe 
operation in step S608, and verifies the newly created 
message digest and the message digest, which was re- 
ceived from management server 16 through the opera- 
tion in step S612 (stepS619). If the message digest from 
management server 1 6, which is a certificate of content 
of the application created just afterthe completion of the 
examination of the application, and the newly created 
message digest match, it is confinned that the applica- 
tion received by mobile temninal 1 1 -1 from content serv- 
er 20-1 has not been altered. On the other hand, ifthese 
message digests do not match, the application is not 
stored In memory 12, and mobile temninal 11-1 transmits 
to management server 1 6, a notice of failure of receiving 
the proper application. 

[0259] In step S619, if the message digests match, 
mobile temninal 1 1 -1 stores the application in one of ap- 
plication areas 40A of management areas 40 in memory 
12 (step S620). In step S609, if memory 12 does not 
have enough free space for storing the application, the 
newly received application is written in the management 
area 40 where an application appointed to be deleted in 
step S611, is stored. In step S609, if there is enough 
free space in the memory, the received application is 
written in one of management areas 40, which do not 
store any application. 

[0260] After mobile tenninal 11-1 completes the oper- 
ation of storing the application, mobile terminal 11-1 
transmits to management server 1 6, a notice of comple- 
tion of storing the application (step S621). After the op- 
eration in step S621, mobile temiinal 11-1 displays an 
ordinary screen on display unit 21 shown as screen D26. 
[0261 ] After receiving the n otice of completion of stor- 
ing the application, management server 1 6 updates the 
data in user infomiation storing unit 53 as follows (step 
S622). If an application is deleted from memory 12 of 
mobile terminal 11 through the operations explained 
above, management server 16 moves the information 
of the application registered in downloaded application 
area53Ato down load-ready application area53B. Man- 
agement server 16 moves the infonmation of the appli- 
cation, which is newly stored in memory 12 from down- 
load-ready application area 53B to the corresponding 
location in downloaded application area 53A. 
[0262] The description given in the preceding para- 
graphs is that of the flow of operations executed when 
a user of mobile temninal 11 purchases and downloads 
an application whose reliability index is '1 ' or more than 
'V. On the contrary, if a user of mobile temninal 11 pur- 
chases and downloads an application whose reliability 
index is '0', management server 16 does not need to 
transmit a message digest and a reliability index of the 



application to mobile terminal 11-1 , and, only the oper- 
ations in steps S601 to S604, steps S606 to S611 . steps 
S613 to S61 8, and steps S620 to S622 described in Fig. 
40 are followed. Moreover, in this case, the list of appli- 

5 cations for appointing an application deletion displayed 
in step S610 and in step S611 is a list of applications 
stored In free area 41 instead of the list of applications 
stored in management area 40. 
[0263] According to the operations explained above, 

10 an application is stored in memory 1 2 of mobile terminal 
11-1, but the application is not activated. Therefore, the 
user of mobile terminal 11-1 needs to execute an acti- 
vation operation to make the newly purchased applica- 
tion usable. The activation operation in the third embod- 

is iment is the same as in the first embodiment. The deac- 
tivation operation and the deleting operation in the third 
embodiment are also the same as those in the first em- 
bodiment. 

20 [4] Modifications 

[4.1 ] First modification 

[0264] In the first modification , the application delivery 
25 system contains a plurality of management servers. The 
plurality of management servers may be synchronized 
with one another, and the data In their databases are 
frequently updated. When any of the mobile terminals 
or content servers needs to communicate with a man- 
30 agement server, they can choose any one of the man- 
agement servers, which can speed up the process of 
communication. According to the first modification, the 
overall speed of a transaction in the application delivery 
system and the durability of the management servers 
35 against system failures are improved, because the man- 
agement servers carry out their tasks in a distributed 
processing system. 
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[4.2] Second modification 



[0265] In the second modification, users of mobile ter- 
minals have several options of locations for storing ap- 
plications In the mobile tenninals in addition to internal 
memories of the mobile tenninals, such as several kinds 

45 of IC card memories, User Identification Modules 
(UlMs), and external storage devices, which can be con- 
nected to the mobile temninals. According to the second 
modification, applications can easily be shared and 
moved among several mobile terminals by replacing 

50 these recording media, which contain applications. 

[4.3] Third modification 

[0266] In the third modification, mobile tenninals com- 
55 prise input/output interfaces by which mobile tenninals 
communicate with other information terminals through 
cables or radio wave, which are different from the mobile 
communication network. Therefore, mobile temninals 
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can obtain applications from otiier information tenninals 
through their input/output interfaces. 

[4.4] Fourth modification 

5 

[0267] In the fourth modification, management serv- 
ers can differentiate the identification numbers listed In 
the application information storing unit of each of the ap- 
plications whose contents are the same, but whose pro- 
viders are different from each other. IWoreover, if neces- io 
sary, each of the applications is given a different relia- 
bility index from those of others. According to the fourth 
embodiment, for example, applications provided by re- 
liable content providers are given high reliability indexes 
and applications provided by less reliable content pro- 
viders are given low reliability indexes. As a result, dif- 
ferent conditions can be given to applications of the 
same contents. 

[4.5] Fifth modification ^ 

[0268] in the fifth modification, an application can oc- 
cupy a plurality of memory areas in the memory of a mo- 
bile tennlnal. Therefore, even an application of a large 
size can be processed by a mobiie tennlnal. 25 

[4.6] Sixth modification 

[0269] In the sixth modification, management areas 
for storing applications, whose contents are examined 30 
and free areas for storing applications, whose contents 
are not examined, can be switched from one to the other. 
The memory controller manages application information 
whether an application in a memory area is given a re- 
liability Index or not, and it does not mistakes an appli- 35 
cation in a management area with an application in a 
free area. Therefore, if there is a shortage of free space 
in management areas, for example, free areas with free 
space can be switched into management areas. As a 
result, a more efficient utilization of memory area can 40 
be achieved. 

[4.7] Seventh modification 

[0270] In the seventh modification, a third party entity, 45 
which is different from the administration entity of the 
management server, conducts examinations of applica- 
tions and provides information on the reliability of the 
applications. The information on the reliability provided 
by the third party entity is transmitted to the manage- so 
ment server, and used by the management server and 
the mobile tenninals. 

[0271] The third party entity manages a content au- 
thentication server, and the content authentication serv- 
er publishes to the management server, a certificate for 55 
an application, when the application is transmitted from 
a content server to the management server. The man- 
agement server confirms whether the application has 
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been changed because of falsification by the content 
server, etc, 

[0272] To put It more concretely, after examining an 
application, the third party entity creates a message di- 
gest of the application by use of a hash function. When 
the management server receives the application from a 
content server, the management server transmits to the 
content authentication server, a request for transmitting 
the message digest, which corresponds to the applica- 
tion. In response to the request, the content authentica- 
tion server transmits the message digestto the manage- 
ment server. After receiving the message digest, the 
management server creates a message digest of the 
application by use of the same hash function, which the 
third party entity used, and verifies the message digest 
' received from the content authentication server and the 
newly created message digest. According to the verifi- 
cation, the management server can confinn that the re- 
ceived application is a proper one. 
[0273] In the seventh modification, there is nb need 
for the management server to obtain an application with- 
out encryption, since the third party entity guarantees 
the contents. Therefore, for example, content servers 
can deliver applications, which are encrypted by use of 
public keys of mobile tenninals, to the mobile terminals 
through the management server Since the manage- 
ment server can confirm that the contents of the appli- 
cations are not changed, there is no need for the man- 
agement server to check the transmitter of the applica- 
tions. As a result, content sen/ers can transmit applica- 
tions to the management serverwithout encrypting them 
by use of secret keys of the content servers. 

[4.8] Eighth modification 

[0274] In the eighth modification, reliability related in- 
formation is used for managing requests of an applica- 
tion for using functions or data of another application or 
a control program, and the reliability related information 
provides indications with regard to each of the relations > 
between the various functions and data, which are used 
forjudging whether the requests should be accepted or 
not. 

[0275] According to the eighth modification, a mobile 
terminal can carryout flexible controls of coordinated op- 
erations In which, for example, application A is allowed 
to call function 1 of application B but not allowed to call 
function 2 of application B. 

[5] Effects of the Invention 

[0276] As explained above, according to methods, 
systems, or apparatuses of the present invention, a plu- 
rality of applications stored in the memory of a mobile 
terminal can be coordinated and executed. At the same 
time, because a memory controller strictly supervises 
data exchanges between the applications and calls for 
functions of other applications on the basis of infonna- 
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tion on reliability given to eacii of the applications, tlie 
risk of leakage and destruction of high value data such 
as personal infonnatlon and monetary data is reduced. 
As a result, when applications are executed in nnobile 
tenninals, both of improvement of user friendliness of 
the mobile terminals and maintenance of information se- 
curity are realized. 



Claims 

1. A method for managing programs, said method 
comprising: 

a program- obtaining step of a mobile terminal 
obtaining a program, which can be executed by 
said mobile terminal, and storing said program 
in a memory of said mobile temninal; 
a coordination information- obtaining step of 
said mobile terminal obtaining coordination in- 
formation, which is used for managing at least 
one of start of another program, which is other 
than said program, by said program and com- 
munication of data with said other program, and 
storing said coordination infonnation in a mem- 
ory of said mobile terminal, and; 
an operation- managing step of said mobile ter- 
minal detemnining conditions of at least one of 
start of said other program and communication 
of data with said other program on the basis of 
said coordination infonnation, which corre- 
sponds to said program, in the instance that 
said other program is requested to execute an 
operation when said program, which is stored 
in said memory, is under execution, 

2. A method for managing programs according to 
claim 1 , wherein: 

said mobile tenninal obtains said coordination 
Infonnation, from a managing server for man- 
aging said coordination Infonnation, through a 
communication network, in said coordination 
information- obtaining step. 

3. A method for managing programs according to 
claim 1 , wherein: 

said mobiletermlnal obtains said program, from 
a delivering server for delivering programs, 
through a communication network, in said pro- 
gram- obtaining step. 

4. A method for managing programs according to 
claim 1 , wherein said method further comprises: 

a certificate- preparing step of a certification 
server, which is able to communicate with said 
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mobile terminal through a communication net- 
work, preparing certificate information for certi- 
fying correctness of at least one of said pro- 
gram and said coordination information, and; 
a certificate information- obtaining step of said 
mobile tenninal obtaining said certificate infor- 
mation from said certification server through 
said communication network; wherein, 
said mobile tenninal pennits or prohibits an op- 
eration of said program in said mobile terminal 
on the basis of said certificate information. 

A method for managing programs according to 
claim 4, wherein: 

said certificate infonnation is prepared by en- 
cryption of at least one of said program and said 
coordination infonnation by use of a crypto- 
graph key, and; 

said mobile tenninal pennits said operation of 
said program In the instance that at least one 
of said program and said coordination Informa- 
tion, which is encrypted, is able to be decrypt- 
ed. 

A method for managing programs according to 
claim 5, wherein: 

said cryptograph key is a secret key in a public 
key system. 

A method for managing programs according to 
claim 4, wherein: 

said certificate infonnation is a message digest 
which is a digest of at least one of said program 
and said coordination infonnation, and; 
said mobile terminal pennits said operation of 
said program on the basis of a result of verifi- 
cation between said certificate information and 
a message digest of at least one of said pro- 
gram and said coordination infonnation, which 
is generated by said mobile tenninal. 

A method for managing programs according to 
claim 2, wherein said method further comprises: 

a storage data- preparing step of said manag- 
ing server preparing storage data concerning 
the state of storage of said program in said mo- 
bile terminal; 

a management data- preparing step of said 
managing server preparing management data 
for managing said program In said mobile ter- 
minal on the basis of said storage data, and; 
a management data- obtaining step of said mo- 
bile tenninal obtaining said management data 
from said managing server; wherein, 
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said mobile terminal manages said program In 
said mobile temfiinai on the basis of said man- 
agement data. 

9. A method for managing programs according to 
claim 8, wherein: 

said mobile tenninal pemiits or prohibits an op- 
eration of said program in said mobile temninal 
on the basts of said management data. 

10. A method for managing programs according to 
claim 9, wherein: 

said mobile temiinal notifies a permission of 
said operation of said program, by use of at 
least one of letter, Image, sound, and vibration, 
in the instance that said mobile tenninai permits 
said operation of said program. 

11. A method for managing programs according to 
claim 8, wherein: 

said mobile terminal deletes said program In 
said mobile temninal on the basis of said man- 
agement data. 

12. A method for managing programs according to 
claim 8, wherein: 

said communication network contains a serv- 
ice-charge levying server for managing serv- 
ice-charge accounts of said program; and 
said method further comprises a sen/lce- 
charge data- obtaining step of said service- 
charge levying server obtaining at least a part 
of said management data as service-charge 
data; wherein, 

said service-charge levying server manages 
said service-charge accounts of said program 
on the basis of said service-charge data. 

13. A method for managing programs according to 
claim 2, wherein said method further comprises: 

a request- obtaining step of said managing 
server obtaining a preparation request for pre- 
paring transmission of a program, and; 

4 

a transmission- preparing step of said manag- 
ing server preparing transmission of said pro- 
gram to said mobile terminal in response to said 
preparation request; wherein, 
said mobile tenninal obtains said program, 
which is prepared for transmission in said trans- 
mission- preparing step, in said program- ob- 
taining step. 

14. A method for managing programs according to 
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claim 13, wherein: 

said managing server prepares at least one of 
said program and location information, which 
indicates location where said program is 
stored, in said transmission preparing step. 

15. A method for managing programs according to 
claim 13, wherein said method further comprises: 

a completion notice- transmitting step of said 
managing server transmitting a completion no- 
tice for notifying completion of preparing trans- 
mission of said program, to said mobile termi- 
nal, when said transmission- preparing step is 
completed, and; 

a completion notice- receiving step of said mo- 
bile tenninal receiving said completion notice 
from said managing server; wherein, 
said mobile terminal notifies that said program 
Is ready for transmission, by use of at least one 
of letter, image, sound, and vibration, when 
said mobile terminal receives said completion 
notice. 

16. A method for managing programs according to 
claim 13, wherein: 

said communication network contains a serv- 
ice-charge levying server for managing serv- 
ice-charge accounts of said program; 
a preparation data- preparing step of said man- 
aging server preparing transmission prepara- 
tion data, which Indicate that preparation for 
transmission of said program to said mobile ter- 
minal is completed in response to said prepa- 
ration request, and; 

a service-charge data- obtaining step of said 
service-charge levying server obtaining at least 
a part of said transmission preparation data as 
service-charge data; wherein, 
said service-charge levying server manages 
said service-charge accounts of said program 
on the basis of said service-charge data. 

17. A program management system, said system com- 
prising: 

a cortimunlcation network, which contains a de- 
livering server, a managing server, and a mo- 
bile terminal; wherein, 

said delivery server comprises a program- stor- 
ing unit for storing a program, and a program- 
transmitting unit for transmitting said program 
to said mobile terminal; 
said managing server comprises a coordination 
infonnatlon- storing unit for storing coordination 
Infonnatlon, concerning control of coordinated 
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operations of said program and another pro- 
gram, which Is other than said program, and a 
coordination Information- transmitting unit for' 
transmitting said coordination information to 
said mobile terminal, and; s 
said mobile terminal comprises a program- re- 
ceiving unit for receiving said program from 
said delivering server, a coordination informa- 
tion- receiving unit for receiving said coordina- 
. tion infomiation from said managing server, a io 
program- storing unit for storing said program, 
a coordination Information- storing unit for stor- 
ing said coordination infomnatlon, and ah oper- 
ation- managing unit for determining conditions 
of at least one of start of said other program and 
communication of data with said other program 
on the basis of said coordination information, 
which corresponds to said program, In the in- 
stance that said other program is requested to 
execute an operation when said program Is un- 20 
der execution. 

18. A server for a communication network containing a 
mobile temiinal, said server comprises: 

25 

a coordination infomiation- storing unit for stor- 
ing coordination infomnatlon, which is used for 
determining conditions of at least one of start 
of a program and communication of data with 
said program in the instance that said program 30 
is requested to execute an operation when an- 
other program, which is other than said pro- 
gram, Is under execution, and; 
a coordination information -transmitting unit for 
transmitting said coordination Infonnation to 35 
said mobile terminal. 

19. A server according to claim 18, wherein said server 
further comprises: 

40 

a certificate- preparing unit for preparing certif- 
icate information for certifying correctness of at 
least one of said program and said coordination 

Infomnatlon, and; 

a certificate- transmitting unit for transmitting 
said certificate Infomnatlon to said mobile termi- 
nal. 

20. A server according to claim 1 9, wherein: 

50 

sal d certificate- preparing un it comprises an en- 
crypting unit for encrypting at least one of said 
program and said coordination infomnation. 

21 . A server according to claim 20. wherein: 55 

said encrypting unit comprises a secret key- 
storing unit for storing a secret key in a public 
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key system. 

22. A server according to claim 1 9, wherein: 

said certificate- preparing unit comprises a 
message digest- preparing unit for preparing a 
message digest, which is a digest of at least 
one of said program and said coordination in- 
formation. 

23. A server according to claim 1 8, wherein said server 
further comprises: 

a storage data- preparing unit for preparing 
storage data concerning the state of storage of 
said program in said mobile terminal; 
a management data- preparing unit for prepar- 
ing management data for managing said pro- 
gram in said mobile tenminal on the basis of said 
storage data, and; 

a management data- transmitting unltfortrans- 
mitting said management data to said mobile 
terminal. 

24. A sen/er according to claim 23, wherein said server 
further comprises: 

a service-charge data- transmitting unit for 
transmitting at least a part of said management 
data as service-charge data to a service- 
charge levying server for managing service- 
charge accounts, contained in said communi- 
cation network. 

25. A sen/er according to claim 1 8, wherein said server 
further comprises: 

a request- receiving unit for receiving a prepa- 
ration request for requesting said program- 
transmitting unit to prepare transmission of said 
program, and; 

a transmission- preparing unit for preparing 
transmission of said program to said mobile ter- 
minal in response to said preparation request. 

26. A server according to claim 25, wherein: 

said transmission- preparing unit comprises a 
preparation Information- storing unit for storing 
at least one of said program and location infor- 
mation, which indicates location where said 
program is stored. 

27. A server according to claim 25, wherein said server 
further comprises: 

a completion notice- transmitting unit for trans- 
mitting a completion notice for notifying com- 
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pletion of preparing transmission of said pro- 
. gram, to said mobile terminal,, when prepara- 
tion for transmission of said program is com- 
pleted. 

28. A server according to claim 25, wherein said server 
further comprises: 

a preparation data- preparing unit for preparing 
transmission preparation data, which indicate 
that preparation for transmission of said pro- 
gram to said mobile terniina! is completed in re- 
sponse to said preparation request, and; 
a service-charge data- transmitting unit for 
transmitting at least a part of said transmission 
preparation data as service-charge data to a 
service-charge levying server for managing 
service-charge accounts, contained in said 
communication networlc. 

29. A mobile terminal comprises: 

a program- storing unit for storing a program; 
a coordination infonnation- storing unit for stor- 
ing coordination information concerning control 
of coordinated operations of said program and 
another program, which is other than said pro- 
gram, and; 

an operation- managing unit for determining 
conditions of at least one of start of said other 
program and communication of data with said 
other program on the basis of said coordination 
infonnation in the instance that said other pro-, 
gram is requested to execute an operation 
when said program is under execution. 

30. A mobile terminal contained In a communication 
network, which contains a delivering server for de- 
livering programs and a managing server for man- 
aging programs, said mobile terminal comprises: 

a program- receiving unit for receiving a pro- 
gram from said delivering sen/er; 
a program- storing unit forstoring said program; 
a coordination Information- receiving unit for re- 
ceiving coordination Infonrratlon concerning 
control of coordinated operations of said pro- 
gram and another program, which is otherthan 
said program, from said managing server; 
a coordination infonnation- storing unit for stor- 
ing said coordination infonnation, and; 
an operation- managing unit for determining 
conditions of at least one of start of said other 
program and communication of data with said 
other program on the basis of said coordination 
Infonnation in the instance that said other pro- 
gram is requested to execute an operation 
when said program is under execution. 



31 . A mobile tenninal according to claim 30, wherein 
said mobile terminal further comprises: 

a certificate- receiving unit for receiving certifi- 
5 cate information for certifying correctness of at 

least one of said program and said coordination 
infonnation, from said managing server, and; 
an operation- permitting unit for pemriittlng or 
prohibiting an operation of said program on the 
10 basis of said certificate information. 

32. A mobile terminal according to claim 31 , wherein: 

said operation- permitting unit comprises a de- 
15 crypting unit for decrypting at least one of said 

program and said coordination information in 

the instance that at least one of said program 
and said coordination information is encrypted. 

20 33. A mobile tenninal according to claim 32, wherein: 

said decrypting unit comprises a public key- 
storing unit for storing a public key of said man- 
aging server in a public key system. 

25 

34. A mobile terminal according to claim 31 , wherein: 

said operation- pennittlng unit comprises a 
message digest- preparing unit for preparing a 
30 message digest, which is a digest of at least 

one of said program and said coordination in- 
formation. 

35. A mobile tenninal according to claim 30, wherein 
35 said mobile tenninal further comprises: 

a management data- receiving unit for receiv- 
ing management data for managing said pro- 
gram, from said managing sender, and; 
40 a managing unit for managing said program on 

the basis of said management data. 

36. A mobile tenninal according to claim 35, wherein 
said mobile tenninal further comprises: 

45 

a notifying unltfor notifying a permission of said 
operation of said program, by use of at least 
one of letter. Image, sound, and vibration, In the 
instance that said rnanaging unit permits said 
50 operation of said program. 

37. A mobile tenninal according to claim 30, wherein 
said mobile tenninal further comprises: 

55 a request- transmitting unit for transmitting a 

preparation request for preparing transmission 
of said program, to said managing server. 
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38. A mobile terminal according to claim 37, wherein 
said mobile terminal further comprises: 

a completion notice- receiving unit for receiving 
a completion notice for notifying completion of 
preparing transmission in response to said 
preparation request, from said managing serv- 
er, and; 

a notifying unit for notifying that said program 
is ready for transmission, by use of at least one 
of letter, Image, sound, and vibration, when 
said completion notice is received. 

39. A program, said program pemiitting a computer of 
a managing server for managing programs in a 
communication network, which contains a mobile 
terminal: 

to transmit coordination infonnation, which is 
used in said mobile temninal for detemiining 
conditions of at least one of start of a program 
and communication of data with said program 
in the instance that said program is requested 
to execute an operation when another program, 
which is other than said program, is under ex- 
ecution, to said mobile terminal. 

40. A program according to claim 39, said program fur- 
ther pennitting said computer of said managing 
server: 

to prepare certificate Information for certifying 
correctness of at least one of a program, which 
is executed in said mobile station, and said co- 
ordination Information, and; 
transmit said certificate. 

41. A program, said program permitting a computer of 

a mobile terminal: 

to obtain coordination infonnation concerning 
control of coordinated operations of programs, 
and; 

determine conditions of at least one of start of 
a program and communication of data with said 
program In the instance that said program is re- 
quested to execute an operation when another 
program, which is other than said program, is 
under execution. 

42. A program according to claim 41 , said program fur- 
ther permitting said computer of said mobile termi- 
nal: 



permit or prohibit operations of at least one of 
said program and said other program on the ba- 
sis of said certificate infonnation. 

5 43. A record medium, said medium containing a pro- 
gram for pennitting a computer of a managing serv- 
er for managing programs in a communication net- 
work, which contains a mobile terminal: 

10 to transmit coordination infonnation, which is 

used in said mobile terminal for determining 
conditions of at least one of start of a program 
and communication of data with said program 
in the instance that said program is requested 

15 to execute an operation when another program, 

which is other than said program. Is under ex- 
ecution, to said mobile terminal. 

44. A record medium, said medium containing a pro- 
20 gram according to claim 43, said program further 
pennitting said computer of said managing server: 

to prepare certificate infonnation for certifying 
correctness of at least one of a program, which 
25 is executed in said mobile station, and said co- 

ordination information, and; 
transmit said certificate. 



30 



45. A record medium, said medium containing a pro- 
gram for permitting a computer of a mobile terminal: 



to obtain coordination infonnation concerning 
control of coordinated operations of programs, 
and; 

35 determine conditions of at least one of start of 

a program and communication of data with said 
program in the instance that said program is re- 
quested to execute an operation when another 
program, which is other than said program, is 

40 under executio n . 

46. A record medium, said medium containing a pro- 
gram according to claim 45, said program further 
permitting said computer of said mobile terminal: 

45 

to obtain certificate infonnation for certifying 
correctness of at least one of said program, 
said other program, and said coordination in- 
formation, and; 
50 pennit or prohibit operations of at least one of 

said program and said other program on the ba- 
sis of said certificate information. 



to obtain certificate information for certifying 
correctness of at least one of said program, 
said other program, and said coordination in- 
fonnation, and; 



55 



36 



EP1 391 810 A1 




37 



r 



EP1 391 810 A1 



FIG. 2 




11-1 



APPLICATION MENU 

1 . NEW PURCHASE OF 
APPL I CAT I ON 

2. DOWNLOAD OF 
APPL I CAT I ON 

3. START OF APPLICATION 

4. CANCEL OF PURCHASE 
CONTRACT OF 

APPL I CAT I ON 
0. PREVIOUS PAGE 



* 

1 












® 


® 


® 


® 


® 


® 




® 


® 


® 


® 


® 



38 



EP 1 391 810 A1 



FIG. 3 
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